Details of VAR-201903-0578

ID

VAR-201903-0578

CVE

CVE-2019-1594

TITLE

Cisco NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002275

DESCRIPTION

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). Cisco NX-OS The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco bug ID CSCvi93959, CSCvj22443, CSCvj22446, CSCvj22447, CSCvj22449. Cisco NX-OS Software is a set of data center-level operating system software used by switches

Trust: 1.98

sources: NVD: CVE-2019-1594 // JVNDB: JVNDB-2019-002275 // BID: 107325 // VULHUB: VHN-148036

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	lt	version:	8.2\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.3\(3\)d1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.1\(5\)n1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)i7	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.3\(5\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	6.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	5.2\(1\)sv3\(1.4b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.2\(20a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	8.0	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	8.3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	13.2\(1l\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus series switches 13.2	scope:	ne	version:	9000	Trust: 0.6
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.0 i4	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 13.2	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	nexus series fabric switches aci mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 8.3 sk	scope:	eq	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 8.1	scope:	eq	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.3 d1	scope:	eq	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70006.2(20)	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	56000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	55000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.1 n1	scope:	eq	version:	5000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nexus series fabric extenders	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	nexus switch for vmware vsphere 5.2 sv2	scope:	eq	version:	1000v	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.0 i7	scope:	ne	version:	9000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	900014.0(0.58)	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	900013.2(0.3)	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	70008.3(1)	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.3 d1	scope:	ne	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.0 i7	scope:	ne	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	70006.2(22)	Trust: 0.3
vendor:	cisco	model:	nexus series switches 6.2	scope:	ne	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.3 n1	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.1 n1	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	nexus switch for vmware vsphere 5.2 sv3	scope:	ne	version:	1000v	Trust: 0.3

sources: BID: 107325 // JVNDB: JVNDB-2019-002275 // NVD: CVE-2019-1594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1594
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1594
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1594
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-175
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148036
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1594
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148036
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1594
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-148036 // JVNDB: JVNDB-2019-002275 // CNNVD: CNNVD-201903-175 // NVD: CVE-2019-1594 // NVD: CVE-2019-1594

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-264	Trust: 1.0

sources: VULHUB: VHN-148036 // JVNDB: JVNDB-2019-002275 // NVD: CVE-2019-1594

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-175

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-175

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002275

PATCH

title:	cisco-sa-20190306-nx-os-lan-auth	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth	Trust: 0.8
title:	Cisco NX-OS Software Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89848	Trust: 0.6

sources: JVNDB: JVNDB-2019-002275 // CNNVD: CNNVD-201903-175

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1594	Trust: 2.8
db:	BID	id:	107325	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-002275	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-175	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0707	Trust: 0.6
db:	VULHUB	id:	VHN-148036	Trust: 0.1

sources: VULHUB: VHN-148036 // BID: 107325 // JVNDB: JVNDB-2019-002275 // CNNVD: CNNVD-201903-175 // NVD: CVE-2019-1594

REFERENCES

url:	http://www.securityfocus.com/bid/107325	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nx-os-lan-auth	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1594	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1594	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76606	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-148036 // BID: 107325 // JVNDB: JVNDB-2019-002275 // CNNVD: CNNVD-201903-175 // NVD: CVE-2019-1594

CREDITS

Cisco

Trust: 0.9

sources: BID: 107325 // CNNVD: CNNVD-201903-175

SOURCES

db:	VULHUB	id:	VHN-148036
db:	BID	id:	107325
db:	JVNDB	id:	JVNDB-2019-002275
db:	CNNVD	id:	CNNVD-201903-175
db:	NVD	id:	CVE-2019-1594

LAST UPDATE DATE

2024-11-23T21:52:27.320000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148036	date:	2019-10-09T00:00:00
db:	BID	id:	107325	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002275	date:	2019-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201903-175	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1594	date:	2024-11-21T04:36:52.873

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148036	date:	2019-03-06T00:00:00
db:	BID	id:	107325	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002275	date:	2019-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201903-175	date:	2019-03-06T00:00:00
db:	NVD	id:	CVE-2019-1594	date:	2019-03-06T22:29:00.340