Details of VAR-201903-0598

ID

VAR-201903-0598

CVE

CVE-2019-1741

TITLE

Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003032

DESCRIPTION

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco IOS XE Software is prone to a denial-of-service vulnerability

Trust: 2.07

sources: NVD: CVE-2019-1741 // JVNDB: JVNDB-2019-003032 // BID: 107614 // VULHUB: VHN-149653 // VULMON: CVE-2019-1741

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0ja	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe software fuji	scope:	eq	version:	16.8.1	Trust: 0.3

sources: BID: 107614 // JVNDB: JVNDB-2019-003032 // NVD: CVE-2019-1741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1741
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1741
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1741
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-1085
value:	HIGH
Trust: 0.6
VULHUB:	VHN-149653
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-1741
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1741
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-149653
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1741
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1741
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1741
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-149653 // VULMON: CVE-2019-1741 // JVNDB: JVNDB-2019-003032 // CNNVD: CNNVD-201903-1085 // NVD: CVE-2019-1741 // NVD: CVE-2019-1741

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-416	Trust: 1.1

sources: VULHUB: VHN-149653 // JVNDB: JVNDB-2019-003032 // NVD: CVE-2019-1741

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1085

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201903-1085

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003032

PATCH

title:	cisco-sa-20190327-eta-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-eta-dos	Trust: 0.8
title:	Cisco IOS XE Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90502	Trust: 0.6
title:	Cisco: Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190327-eta-dos	Trust: 0.1
title:	-	url:	https://github.com/ExpLangcn/FuYao-Go	Trust: 0.1

sources: VULMON: CVE-2019-1741 // JVNDB: JVNDB-2019-003032 // CNNVD: CNNVD-201903-1085

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1741	Trust: 2.9
db:	BID	id:	107614	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-003032	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-1085	Trust: 0.7
db:	NSFOCUS	id:	43605	Trust: 0.6
db:	VULHUB	id:	VHN-149653	Trust: 0.1
db:	VULMON	id:	CVE-2019-1741	Trust: 0.1

sources: VULHUB: VHN-149653 // VULMON: CVE-2019-1741 // BID: 107614 // JVNDB: JVNDB-2019-003032 // CNNVD: CNNVD-201903-1085 // NVD: CVE-2019-1741

REFERENCES

url:	http://www.securityfocus.com/bid/107614	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-eta-dos	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1741	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1741	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/43605	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-149653 // BID: 107614 // JVNDB: JVNDB-2019-003032 // CNNVD: CNNVD-201903-1085 // NVD: CVE-2019-1741

CREDITS

Cisco ?? ??,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201903-1085

SOURCES

db:	VULHUB	id:	VHN-149653
db:	VULMON	id:	CVE-2019-1741
db:	BID	id:	107614
db:	JVNDB	id:	JVNDB-2019-003032
db:	CNNVD	id:	CNNVD-201903-1085
db:	NVD	id:	CVE-2019-1741

LAST UPDATE DATE

2024-08-14T14:32:45.687000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149653	date:	2020-10-08T00:00:00
db:	VULMON	id:	CVE-2019-1741	date:	2020-10-08T00:00:00
db:	BID	id:	107614	date:	2019-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-003032	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-1085	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-1741	date:	2020-10-08T20:08:21.400

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149653	date:	2019-03-28T00:00:00
db:	VULMON	id:	CVE-2019-1741	date:	2019-03-28T00:00:00
db:	BID	id:	107614	date:	2019-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-003032	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-1085	date:	2019-03-27T00:00:00
db:	NVD	id:	CVE-2019-1741	date:	2019-03-28T00:29:00.420