Sign-up

ID

VAR-201901-0349


CVE

CVE-2019-1651


TITLE

Cisco vContainer Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001388

DESCRIPTION

A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user. Cisco vContainer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in a denial-of-service condition. This issue being tracked by Cisco Bug ID CSCvm25955

Trust: 1.98

sources: NVD: CVE-2019-1651 // JVNDB: JVNDB-2019-001388 // BID: 106703 // VULHUB: VHN-148663

AFFECTED PRODUCTS

vendor:ciscomodel:vsmart controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:vsmart controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:vsmart controllerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:18.3.1

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:18.3

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:17.2.8

Trust: 0.3

vendor:ciscomodel:sd-wanscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:sd-wanscope:neversion:18.4

Trust: 0.3

sources: BID: 106703 // JVNDB: JVNDB-2019-001388 // NVD: CVE-2019-1651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1651
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1651
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-1651
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-872
value: HIGH

Trust: 0.6

VULHUB: VHN-148663
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1651
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148663
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1651
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1651
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-148663 // JVNDB: JVNDB-2019-001388 // CNNVD: CNNVD-201901-872 // NVD: CVE-2019-1651 // NVD: CVE-2019-1651

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-148663 // JVNDB: JVNDB-2019-001388 // NVD: CVE-2019-1651

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-872

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-872

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001388

PATCH
title:cisco-sa-20190123-sdwan-bourl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
Trust: 0.8
title:Cisco SD-WAN Solution vContainer Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88958
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001388 // 
            
            
            
            CNNVD: CNNVD-201901-872

EXTERNAL IDS
db:NVDid:CVE-2019-1651
Trust: 2.8
db:BIDid:106703
Trust: 2.0
db:JVNDBid:JVNDB-2019-001388
Trust: 0.8
db:NSFOCUSid:43871
Trust: 0.6
db:CNNVDid:CNNVD-201901-872
Trust: 0.6
db:VULHUBid:VHN-148663
Trust: 0.1
sources:
            
            
            VULHUB: VHN-148663 // 
            
            
            
            BID: 106703 // 
            
            
            
            JVNDB: JVNDB-2019-001388 // 
            
            
            
            CNNVD: CNNVD-201901-872 // 
            
            
            
            NVD: CVE-2019-1651

REFERENCES
url:http://www.securityfocus.com/bid/106703
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-sdwan-bo
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1651
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-1651
Trust: 0.8
url:http://www.nsfocus.net/vulndb/43871
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-148663 // 
            
            
            
            BID: 106703 // 
            
            
            
            JVNDB: JVNDB-2019-001388 // 
            
            
            
            CNNVD: CNNVD-201901-872 // 
            
            
            
            NVD: CVE-2019-1651

CREDITS
This vulnerability was found during internal security testing.,The vendor reported this issue.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201901-872

SOURCES
db:VULHUBid:VHN-148663
db:BIDid:106703
db:JVNDBid:JVNDB-2019-001388
db:CNNVDid:CNNVD-201901-872
db:NVDid:CVE-2019-1651

LAST UPDATE DATE
2024-08-14T15:18:08.626000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-148663date:2019-10-09T00:00:00
db:BIDid:106703date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001388date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201901-872date:2019-10-17T00:00:00
db:NVDid:CVE-2019-1651date:2019-10-09T23:47:37.550

SOURCES RELEASE DATE
db:VULHUBid:VHN-148663date:2019-01-24T00:00:00
db:BIDid:106703date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001388date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201901-872date:2019-01-24T00:00:00
db:NVDid:CVE-2019-1651date:2019-01-24T15:29:00.893