ID

VAR-201903-0567


CVE

CVE-2019-1751


TITLE

Cisco IOS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002971

DESCRIPTION

A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition. Cisco IOS The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS Software is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvk61580. Cisco IOS is an operating system developed by Cisco for its network equipment

Trust: 1.98

sources: NVD: CVE-2019-1751 // JVNDB: JVNDB-2019-002971 // BID: 107601 // VULHUB: VHN-149763

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m9

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m6a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m10

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m7a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m6a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m4c

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)cg1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m2a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m4a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m3a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m5a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(3\)m6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m4b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(2\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)m2a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(1\)t0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.8\(3\)m0b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(2\)xb

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

sources: BID: 107601 // JVNDB: JVNDB-2019-002971 // NVD: CVE-2019-1751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1751
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1751
value: HIGH

Trust: 1.0

NVD: CVE-2019-1751
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-1104
value: HIGH

Trust: 0.6

VULHUB: VHN-149763
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1751
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149763
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1751
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1751
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149763 // JVNDB: JVNDB-2019-002971 // CNNVD: CNNVD-201903-1104 // NVD: CVE-2019-1751 // NVD: CVE-2019-1751

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-149763 // JVNDB: JVNDB-2019-002971 // NVD: CVE-2019-1751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1104

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-1104

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002971

PATCH

title:cisco-sa-20190327-nat64url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nat64

Trust: 0.8

title:Cisco IOS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90519

Trust: 0.6

sources: JVNDB: JVNDB-2019-002971 // CNNVD: CNNVD-201903-1104

EXTERNAL IDS

db:NVDid:CVE-2019-1751

Trust: 2.8

db:BIDid:107601

Trust: 2.0

db:JVNDBid:JVNDB-2019-002971

Trust: 0.8

db:CNNVDid:CNNVD-201903-1104

Trust: 0.7

db:VULHUBid:VHN-149763

Trust: 0.1

sources: VULHUB: VHN-149763 // BID: 107601 // JVNDB: JVNDB-2019-002971 // CNNVD: CNNVD-201903-1104 // NVD: CVE-2019-1751

REFERENCES

url:http://www.securityfocus.com/bid/107601

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-nat64

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1751

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1751

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html

Trust: 0.3

sources: VULHUB: VHN-149763 // BID: 107601 // JVNDB: JVNDB-2019-002971 // CNNVD: CNNVD-201903-1104 // NVD: CVE-2019-1751

CREDITS

Cisco

Trust: 0.9

sources: BID: 107601 // CNNVD: CNNVD-201903-1104

SOURCES

db:VULHUBid:VHN-149763
db:BIDid:107601
db:JVNDBid:JVNDB-2019-002971
db:CNNVDid:CNNVD-201903-1104
db:NVDid:CVE-2019-1751

LAST UPDATE DATE

2024-11-23T23:04:49.647000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149763date:2019-10-09T00:00:00
db:BIDid:107601date:2019-03-27T00:00:00
db:JVNDBid:JVNDB-2019-002971date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201903-1104date:2019-10-17T00:00:00
db:NVDid:CVE-2019-1751date:2024-11-21T04:37:16.983

SOURCES RELEASE DATE

db:VULHUBid:VHN-149763date:2019-03-28T00:00:00
db:BIDid:107601date:2019-03-27T00:00:00
db:JVNDBid:JVNDB-2019-002971date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201903-1104date:2019-03-27T00:00:00
db:NVDid:CVE-2019-1751date:2019-03-28T00:29:00.780