ID
VAR-201903-0566
CVE
CVE-2019-1750
TITLE
Cisco IOS XE Software error handling vulnerability
Trust: 0.8
DESCRIPTION
A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco IOS XE The software contains an error handling vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOSXE is a modular operating system based on the Linux kernel. Cisco Catalyst 4500 Series Switches are prone to an denial-of-service vulnerability. This issue is tracked by Cisco Bug ID CSCvk24566. Cisco IOS XE is an operating system developed by Cisco for its network equipment
Trust: 2.61
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | - | version: | - | Trust: 1.4 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.5ae | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.3e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.9e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.7.2e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.5be | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.10e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.9.2e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.5ae | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.0e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.6e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.7e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.9.2h | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.9.2be | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.7e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.0be | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.3e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.7.0e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.0e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.2e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.10.0e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.10.1ae | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.2e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.7ae | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.8e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.10.1se | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.0ae | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.5e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.5e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.10.2e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.4e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.7.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.7.3e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.9.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.2ae | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.8.4e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.9.0e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.7be | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.10.0ce | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.6.6e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.10.1e | Trust: 1.0 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 4500 | Trust: 0.9 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 4500-x | Trust: 0.6 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 4500-x0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-388 | Trust: 1.9 |
| problemtype: | CWE-20 | Trust: 1.0 |
THREAT TYPE
remote or local
Trust: 0.6
TYPE
input validation error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20190327-evss | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-evss | Trust: 0.8 |
| title: | Cisco IOSXECatalyst4500 Denial of Service Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/159091 | Trust: 0.6 |
| title: | Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches Cisco IOS XE Enter the fix for the verification vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90503 | Trust: 0.6 |
| title: | Cisco: Cisco IOS XE Software Catalyst 4500 Cisco Discovery Protocol Denial of Service Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190327-evss | Trust: 0.1 |
| title: | - | url: | https://github.com/ExpLangcn/FuYao-Go | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-1750 | Trust: 3.5 |
| db: | BID | id: | 107607 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2019-002970 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201903-1088 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-10452 | Trust: 0.6 |
| db: | NSFOCUS | id: | 43607 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-149752 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2019-1750 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-evss | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/107607 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-1750 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1750 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/43607 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888 | Trust: 0.6 |
| url: | http://www.cisco.com/en/us/products/hw/switches/index.html | Trust: 0.3 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2019-10452 |
| db: | VULHUB | id: | VHN-149752 |
| db: | VULMON | id: | CVE-2019-1750 |
| db: | BID | id: | 107607 |
| db: | JVNDB | id: | JVNDB-2019-002970 |
| db: | CNNVD | id: | CNNVD-201903-1088 |
| db: | NVD | id: | CVE-2019-1750 |
LAST UPDATE DATE
2024-08-14T15:43:50.463000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-10452 | date: | 2019-04-18T00:00:00 |
| db: | VULHUB | id: | VHN-149752 | date: | 2019-10-09T00:00:00 |
| db: | VULMON | id: | CVE-2019-1750 | date: | 2019-10-09T00:00:00 |
| db: | BID | id: | 107607 | date: | 2019-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-002970 | date: | 2019-04-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-1088 | date: | 2022-07-06T00:00:00 |
| db: | NVD | id: | CVE-2019-1750 | date: | 2019-10-09T23:47:57.707 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-10452 | date: | 2019-04-18T00:00:00 |
| db: | VULHUB | id: | VHN-149752 | date: | 2019-03-28T00:00:00 |
| db: | VULMON | id: | CVE-2019-1750 | date: | 2019-03-28T00:00:00 |
| db: | BID | id: | 107607 | date: | 2019-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-002970 | date: | 2019-04-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-1088 | date: | 2019-03-27T00:00:00 |
| db: | NVD | id: | CVE-2019-1750 | date: | 2019-03-28T00:29:00.747 |