Details of VAR-201903-0590

ID

VAR-201903-0590

CVE

CVE-2019-1598

TITLE

Cisco FXOS and NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002531

DESCRIPTION

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). UCS 6200 and 6300 Fabric Interconnect are affected in versions prior to 3.2(2b). Cisco FXOS and NX-OS The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco FXOS and NX-OS System Software are prone to multiple denial-of-service vulnerabilities. This issue is being tracked by Cisco Bug IDs CSCvd40241, CSCvd57308, CSCve02855, CSCve02858, CSCve02865, CSCve02867, CSCve02871, CSCve57816, CSCve57820, CSCve58224. Both Cisco NX-OS Software and Cisco FXOS Software are products of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2019-1598 // JVNDB: JVNDB-2019-002531 // BID: 107394 // VULHUB: VHN-148080

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower extensible operating system	scope:	gte	version:	2.1	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.2\(20\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)i5	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.0\(2\)a8\(11\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	3.2\(2b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	5.2	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	gte	version:	2.3	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lt	version:	2.3.1.75	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.3\(2\)d1\(1\)	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lt	version:	2.0.1.201	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i4\(7\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.2\(21\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	8.0	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lt	version:	2.2.2.54	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	fx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs series fabric interconnects	scope:	eq	version:	63000	Trust: 0.3
vendor:	cisco	model:	ucs series fabric interconnects	scope:	eq	version:	62000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.3	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.2	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.2	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	nx-os 6.0 a8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.4	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	firepower security appliance	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	firepower series next-generation firewall	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	8.3(2)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	8.2(3)	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	6.2(27)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	6.2(22)	Trust: 0.3
vendor:	cisco	model:	nx-os 6.0 a8	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 3.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	ne	version:	2.4.1.222	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	ne	version:	2.3.1.110	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	ne	version:	2.2.2.91	Trust: 0.3

sources: BID: 107394 // JVNDB: JVNDB-2019-002531 // NVD: CVE-2019-1598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1598
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1598
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1598
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-189
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148080
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1598
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148080
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1598
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1598
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-148080 // JVNDB: JVNDB-2019-002531 // CNNVD: CNNVD-201903-189 // NVD: CVE-2019-1598 // NVD: CVE-2019-1598

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-148080 // JVNDB: JVNDB-2019-002531 // NVD: CVE-2019-1598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-189

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002531

PATCH

title:	cisco-sa-20190306-nxosldap	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap	Trust: 0.8
title:	Cisco FXOS Software and Cisco NX-OS Software Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89859	Trust: 0.6

sources: JVNDB: JVNDB-2019-002531 // CNNVD: CNNVD-201903-189

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1598	Trust: 2.8
db:	BID	id:	107394	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-002531	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-189	Trust: 0.7
db:	NSFOCUS	id:	42895	Trust: 0.6
db:	VULHUB	id:	VHN-148080	Trust: 0.1

sources: VULHUB: VHN-148080 // BID: 107394 // JVNDB: JVNDB-2019-002531 // CNNVD: CNNVD-201903-189 // NVD: CVE-2019-1598

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxosldap	Trust: 2.6
url:	http://www.securityfocus.com/bid/107394	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1598	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1598	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/42895	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps9494/products_sub_category_home.html	Trust: 0.3

sources: VULHUB: VHN-148080 // BID: 107394 // JVNDB: JVNDB-2019-002531 // CNNVD: CNNVD-201903-189 // NVD: CVE-2019-1598

CREDITS

Cisco.,vendor ?? ??

Trust: 0.6

sources: CNNVD: CNNVD-201903-189

SOURCES

db:	VULHUB	id:	VHN-148080
db:	BID	id:	107394
db:	JVNDB	id:	JVNDB-2019-002531
db:	CNNVD	id:	CNNVD-201903-189
db:	NVD	id:	CVE-2019-1598

LAST UPDATE DATE

2024-11-23T22:12:08.523000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148080	date:	2019-10-09T00:00:00
db:	BID	id:	107394	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002531	date:	2019-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201903-189	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1598	date:	2024-11-21T04:36:53.470

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148080	date:	2019-03-07T00:00:00
db:	BID	id:	107394	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002531	date:	2019-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201903-189	date:	2019-03-06T00:00:00
db:	NVD	id:	CVE-2019-1598	date:	2019-03-07T19:29:00.303