8.6

CVE-2019-1964

A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An attacker could exploit this vulnerability by sending a malformed IPv6 packet through an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoNx-os Version >= 8.1 < 8.2\(3\)
   Cisco7000 10-slot Version-
   Cisco7000 18-slot Version-
   Cisco7000 4-slot Version-
   Cisco7000 9-slot Version-
   Cisco7700 10-slot Version-
   Cisco7700 18-slot Version-
   Cisco7700 2-slot Version-
   Cisco7700 6-slot Version-
   CiscoN77-f312ck-26 Version-
   CiscoN77-f324fq-25 Version-
   CiscoN77-f348xp-23 Version-
   CiscoN77-f430cq-36 Version-
   CiscoN77-m312cq-26l Version-
   CiscoN77-m324fq-25l Version-
   CiscoN77-m348xp-23l Version-
   CiscoN7k-f248xp-25e Version-
   CiscoN7k-f306ck-25 Version-
   CiscoN7k-f312fq-25 Version-
   CiscoN7k-m202cf-22l Version-
   CiscoN7k-m206fq-23l Version-
   CiscoN7k-m224xp-23l Version-
   CiscoN7k-m324fq-25l Version-
   CiscoN7k-m348xp-25l Version-
   CiscoNexus 7000 Supervisor 1 Version-
   CiscoNexus 7000 Supervisor 2 Version-
   CiscoNexus 7000 Supervisor 2e Version-
   CiscoNexus 7700 Supervisor 2e Version-
   CiscoNexus 7700 Supervisor 3e Version-
CiscoNx-os Version >= 8.3 < 8.4
   Cisco7000 10-slot Version-
   Cisco7000 18-slot Version-
   Cisco7000 4-slot Version-
   Cisco7000 9-slot Version-
   Cisco7700 10-slot Version-
   Cisco7700 18-slot Version-
   Cisco7700 2-slot Version-
   Cisco7700 6-slot Version-
   CiscoN77-f312ck-26 Version-
   CiscoN77-f324fq-25 Version-
   CiscoN77-f348xp-23 Version-
   CiscoN77-f430cq-36 Version-
   CiscoN77-m312cq-26l Version-
   CiscoN77-m324fq-25l Version-
   CiscoN77-m348xp-23l Version-
   CiscoN7k-f248xp-25e Version-
   CiscoN7k-f306ck-25 Version-
   CiscoN7k-f312fq-25 Version-
   CiscoN7k-m202cf-22l Version-
   CiscoN7k-m206fq-23l Version-
   CiscoN7k-m224xp-23l Version-
   CiscoN7k-m324fq-25l Version-
   CiscoN7k-m348xp-25l Version-
   CiscoNexus 7000 Supervisor 1 Version-
   CiscoNexus 7000 Supervisor 2 Version-
   CiscoNexus 7000 Supervisor 2e Version-
   CiscoNexus 7700 Supervisor 2e Version-
   CiscoNexus 7700 Supervisor 3e Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.45% 0.789
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.