Details of VAR-201903-0557

ID

VAR-201903-0557

CVE

CVE-2019-1616

TITLE

Cisco NX-OS Software buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-002430 // CNNVD: CNNVD-201903-163

DESCRIPTION

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in process crashes and a DoS condition on the device. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25), 8.1(1b), 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5) Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). UCS 6200, 6300, and 6400 Fabric Interconnects are affected running software versions prior to 3.2(3j) and 4.0(2a). Cisco NX-OS The software contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco bug ID CSCvh99066, CSCvj10176, CSCvj10178, CSCvj10181 and CSCvj10183. Cisco NX-OS Software is a set of data center-level operating system software used by switches

Trust: 1.98

sources: NVD: CVE-2019-1616 // JVNDB: JVNDB-2019-002430 // BID: 107395 // VULHUB: VHN-148278

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	lt	version:	8.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.2\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	6.0\(2\)a8	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)i4	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)f3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)i5	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	4.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	4.0	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	6.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	3.2\(3j\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	5.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lte	version:	6.0\(2\)a8	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.0\(2\)a8\(10\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)f3\(3c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lte	version:	7.0\(3\)i4	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)f1	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i4\(9\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	8.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.2\(22\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.2\(25\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs series fabric interconnects	scope:	eq	version:	64000	Trust: 0.3
vendor:	cisco	model:	ucs series fabric interconnects	scope:	eq	version:	63000	Trust: 0.3
vendor:	cisco	model:	ucs series fabric interconnects	scope:	eq	version:	62000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	9.2	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.3	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.2	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.2	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	nx-os 6.0 a8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	36000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	9.2(2)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	8.3(2)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	8.2(3)	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	6.2(27)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	6.2(22)	Trust: 0.3
vendor:	cisco	model:	nx-os 6.0 a8	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 4.0	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 3.2	scope:	ne	version:	-	Trust: 0.3

sources: BID: 107395 // JVNDB: JVNDB-2019-002430 // NVD: CVE-2019-1616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1616
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1616
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1616
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-163
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148278
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1616
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148278
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1616
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1616
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-148278 // JVNDB: JVNDB-2019-002430 // CNNVD: CNNVD-201903-163 // NVD: CVE-2019-1616 // NVD: CVE-2019-1616

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-20	Trust: 1.0

sources: VULHUB: VHN-148278 // JVNDB: JVNDB-2019-002430 // NVD: CVE-2019-1616

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-163

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-163

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002430

PATCH

title:	cisco-sa-20190306-nxos-fabric-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-fabric-dos	Trust: 0.8
title:	Cisco NX-OS Software Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89838	Trust: 0.6

sources: JVNDB: JVNDB-2019-002430 // CNNVD: CNNVD-201903-163

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1616	Trust: 2.8
db:	BID	id:	107395	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-002430	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-163	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0706.2	Trust: 0.6
db:	NSFOCUS	id:	42881	Trust: 0.6
db:	VULHUB	id:	VHN-148278	Trust: 0.1

sources: VULHUB: VHN-148278 // BID: 107395 // JVNDB: JVNDB-2019-002430 // CNNVD: CNNVD-201903-163 // NVD: CVE-2019-1616

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxos-fabric-dos	Trust: 2.6
url:	http://www.securityfocus.com/bid/107395	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1616	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1616	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-nx-os-buffer-overflow-via-fabric-services-28781	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76602	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42881	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-148278 // BID: 107395 // JVNDB: JVNDB-2019-002430 // CNNVD: CNNVD-201903-163 // NVD: CVE-2019-1616

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.,vendor ?? ??

Trust: 0.6

sources: CNNVD: CNNVD-201903-163

SOURCES

db:	VULHUB	id:	VHN-148278
db:	BID	id:	107395
db:	JVNDB	id:	JVNDB-2019-002430
db:	CNNVD	id:	CNNVD-201903-163
db:	NVD	id:	CVE-2019-1616

LAST UPDATE DATE

2024-11-23T21:52:27.352000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148278	date:	2019-10-09T00:00:00
db:	BID	id:	107395	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002430	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-163	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1616	date:	2024-11-21T04:36:56.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148278	date:	2019-03-11T00:00:00
db:	BID	id:	107395	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002430	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-163	date:	2019-03-06T00:00:00
db:	NVD	id:	CVE-2019-1616	date:	2019-03-11T21:29:00.967