ID

VAR-201903-0598


CVE

CVE-2019-1741


TITLE

Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003032

DESCRIPTION

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco IOS XE Software is prone to a denial-of-service vulnerability.

Trust: 2.07

sources: NVD: CVE-2019-1741 // JVNDB: JVNDB-2019-003032 // BID: 107614 // VULHUB: VHN-149653 // VULMON: CVE-2019-1741

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1d

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.2.0ja

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software fuji, scope: eq, version: 16.8.1

Trust: 0.3

sources: BID: 107614 // JVNDB: JVNDB-2019-003032 // NVD: CVE-2019-1741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1741
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1741
value: HIGH

Trust: 1.0

NVD: CVE-2019-1741
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-1085
value: HIGH

Trust: 0.6

VULHUB: VHN-149653
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1741
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1741
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149653
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1741
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1741
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1741
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149653 // VULMON: CVE-2019-1741 // JVNDB: JVNDB-2019-003032 // CNNVD: CNNVD-201903-1085 // NVD: CVE-2019-1741 // NVD: CVE-2019-1741

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-416

Trust: 1.1

sources: VULHUB: VHN-149653 // JVNDB: JVNDB-2019-003032 // NVD: CVE-2019-1741

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1085

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201903-1085

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003032

PATCH

title: cisco-sa-20190327-eta-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-eta-dos

Trust: 0.8

title: Cisco IOS XE Enter the fix for the verification vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90502

Trust: 0.6

title: Cisco: Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190327-eta-dos

Trust: 0.1

title: -, url: https://github.com/ExpLangcn/FuYao-Go

Trust: 0.1

sources: VULMON: CVE-2019-1741 // JVNDB: JVNDB-2019-003032 // CNNVD: CNNVD-201903-1085

EXTERNAL IDS

db: NVD, id: CVE-2019-1741

Trust: 2.9

db: BID, id: 107614

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003032

Trust: 0.8

db: CNNVD, id: CNNVD-201903-1085

Trust: 0.7

db: NSFOCUS, id: 43605

Trust: 0.6

db: VULHUB, id: VHN-149653

Trust: 0.1

db: VULMON, id: CVE-2019-1741

Trust: 0.1

sources: VULHUB: VHN-149653 // VULMON: CVE-2019-1741 // BID: 107614 // JVNDB: JVNDB-2019-003032 // CNNVD: CNNVD-201903-1085 // NVD: CVE-2019-1741

REFERENCES

url:http://www.securityfocus.com/bid/107614

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-eta-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1741

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1741

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43605

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149653 // BID: 107614 // JVNDB: JVNDB-2019-003032 // CNNVD: CNNVD-201903-1085 // NVD: CVE-2019-1741

CREDITS

Cisco ?? ??,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201903-1085

SOURCES

db: VULHUB, id: VHN-149653
db: VULMON, id: CVE-2019-1741
db: BID, id: 107614
db: JVNDB, id: JVNDB-2019-003032
db: CNNVD, id: CNNVD-201903-1085
db: NVD, id: CVE-2019-1741

LAST UPDATE DATE

2024-08-14T14:32:45.687000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149653, date: 2020-10-08T00:00:00
db: VULMON, id: CVE-2019-1741, date: 2020-10-08T00:00:00
db: BID, id: 107614, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003032, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1085, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-1741, date: 2020-10-08T20:08:21.400

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149653, date: 2019-03-28T00:00:00
db: VULMON, id: CVE-2019-1741, date: 2019-03-28T00:00:00
db: BID, id: 107614, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003032, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1085, date: 2019-03-27T00:00:00
db: NVD, id: CVE-2019-1741, date: 2019-03-28T00:29:00.420