ID

VAR-201903-0566


CVE

CVE-2019-1750


TITLE

Cisco IOS XE Software error handling vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002970

DESCRIPTION

A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco IOS XE Software contains an error handling vulnerability that may result in service interruption (DoS). Cisco IOS XE is a modular operating system based on the Linux kernel. Cisco Catalyst 4500 Series Switches are prone to a denial-of-service vulnerability. This issue is tracked by Cisco Bug ID CSCvk24566. Cisco IOS XE is an operating system developed by Cisco for its network equipment.

Trust: 2.61

sources: NVD: CVE-2019-1750 // JVNDB: JVNDB-2019-002970 // CNVD: CNVD-2019-10452 // BID: 107607 // VULHUB: VHN-149752 // VULMON: CVE-2019-1750

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-10452

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 1.4

vendor: cisco, model: ios xe, scope: eq, version: 3.8.5ae

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.3e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.9e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.7.2e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.5be

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.10e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.9.2e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.5ae

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.8.0e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.8.6e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.8.7e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.2h

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.9.2be

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.7e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.0be

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.8.3e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.7.0e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.0e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.8.2e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.10.0e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.10.1ae

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.2e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.7ae

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.8e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.8.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.10.1se

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.0ae

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.5e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.8.5e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.10.2e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.4e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.7.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.7.3e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.9.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.2ae

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.8.4e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.9.0e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.7be

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.10.0ce

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.6e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.10.1e

Trust: 1.0

vendor: cisco, model: catalyst, scope: eq, version: 4500

Trust: 0.9

vendor: cisco, model: catalyst, scope: eq, version: 4500-x

Trust: 0.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: catalyst, scope: eq, version: 4500-x0

Trust: 0.3

sources: CNVD: CNVD-2019-10452 // BID: 107607 // JVNDB: JVNDB-2019-002970 // NVD: CVE-2019-1750

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1750
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1750
value: HIGH

Trust: 1.0

NVD: CVE-2019-1750
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-10452
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-1088
value: HIGH

Trust: 0.6

VULHUB: VHN-149752
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1750
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1750
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-10452
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-149752
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1750
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 2.8

sources: CNVD: CNVD-2019-10452 // VULHUB: VHN-149752 // VULMON: CVE-2019-1750 // JVNDB: JVNDB-2019-002970 // CNNVD: CNNVD-201903-1088 // NVD: CVE-2019-1750 // NVD: CVE-2019-1750

PROBLEMTYPE DATA

problemtype:CWE-388

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-149752 // JVNDB: JVNDB-2019-002970 // NVD: CVE-2019-1750

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-1088

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-1088

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002970

PATCH

title: cisco-sa-20190327-evss
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-evss

Trust: 0.8

title: Cisco IOSXECatalyst4500 Denial of Service Vulnerability Patch
url: https://www.cnvd.org.cn/patchInfo/show/159091

Trust: 0.6

title: Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches Cisco IOS XE Enter the fix for the verification vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90503

Trust: 0.6

title: Cisco: Cisco IOS XE Software Catalyst 4500 Cisco Discovery Protocol Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190327-evss

Trust: 0.1

title: -
url: https://github.com/ExpLangcn/FuYao-Go

Trust: 0.1

sources: CNVD: CNVD-2019-10452 // VULMON: CVE-2019-1750 // JVNDB: JVNDB-2019-002970 // CNNVD: CNNVD-201903-1088

EXTERNAL IDS

db: NVD, id: CVE-2019-1750

Trust: 3.5

db: BID, id: 107607

Trust: 2.0

db: JVNDB, id: JVNDB-2019-002970

Trust: 0.8

db: CNNVD, id: CNNVD-201903-1088

Trust: 0.7

db: CNVD, id: CNVD-2019-10452

Trust: 0.6

db: NSFOCUS, id: 43607

Trust: 0.6

db: VULHUB, id: VHN-149752

Trust: 0.1

db: VULMON, id: CVE-2019-1750

Trust: 0.1

sources: CNVD: CNVD-2019-10452 // VULHUB: VHN-149752 // VULMON: CVE-2019-1750 // BID: 107607 // JVNDB: JVNDB-2019-002970 // CNNVD: CNNVD-201903-1088 // NVD: CVE-2019-1750

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-evss

Trust: 2.6

url:http://www.securityfocus.com/bid/107607

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1750

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1750

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43607

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/en/us/products/hw/switches/index.html

Trust: 0.3

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2019-10452 // VULHUB: VHN-149752 // BID: 107607 // JVNDB: JVNDB-2019-002970 // CNNVD: CNNVD-201903-1088 // NVD: CVE-2019-1750

CREDITS

Cisco

Trust: 0.9

sources: BID: 107607 // CNNVD: CNNVD-201903-1088

SOURCES

db: CNVD, id: CNVD-2019-10452
db: VULHUB, id: VHN-149752
db: VULMON, id: CVE-2019-1750
db: BID, id: 107607
db: JVNDB, id: JVNDB-2019-002970
db: CNNVD, id: CNNVD-201903-1088
db: NVD, id: CVE-2019-1750

LAST UPDATE DATE

2024-08-14T15:43:50.463000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-10452, date: 2019-04-18T00:00:00
db: VULHUB, id: VHN-149752, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2019-1750, date: 2019-10-09T00:00:00
db: BID, id: 107607, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-002970, date: 2019-04-26T00:00:00
db: CNNVD, id: CNNVD-201903-1088, date: 2022-07-06T00:00:00
db: NVD, id: CVE-2019-1750, date: 2019-10-09T23:47:57.707

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-10452, date: 2019-04-18T00:00:00
db: VULHUB, id: VHN-149752, date: 2019-03-28T00:00:00
db: VULMON, id: CVE-2019-1750, date: 2019-03-28T00:00:00
db: BID, id: 107607, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-002970, date: 2019-04-26T00:00:00
db: CNNVD, id: CNNVD-201903-1088, date: 2019-03-27T00:00:00
db: NVD, id: CVE-2019-1750, date: 2019-03-28T00:29:00.747