ID

VAR-201904-0241


CVE

CVE-2019-1718


TITLE

Cisco Identity Services Engine Vulnerabilities in resource management

Trust: 0.8

sources: JVNDB: JVNDB-2019-003537

DESCRIPTION

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. This vulnerability affects version 2.1. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvo10487. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. There is a resource management error vulnerability in the web interface of Cisco ISE version 2.1, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.98

sources: NVD: CVE-2019-1718 // JVNDB: JVNDB-2019-003537 // BID: 108030 // VULHUB: VHN-149400

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.1\(0.907\)

Trust: 1.0

vendor:ciscomodel:identity services engine softwarescope:eqversion:2.1

Trust: 0.8

vendor:ciscomodel:identity services enginescope:eqversion:2.1(0.907)

Trust: 0.3

sources: BID: 108030 // JVNDB: JVNDB-2019-003537 // NVD: CVE-2019-1718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1718
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1718
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1718
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-835
value: HIGH

Trust: 0.6

VULHUB: VHN-149400
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1718
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149400
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1718
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1718
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1718
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149400 // JVNDB: JVNDB-2019-003537 // CNNVD: CNNVD-201904-835 // NVD: CVE-2019-1718 // NVD: CVE-2019-1718

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-149400 // JVNDB: JVNDB-2019-003537 // NVD: CVE-2019-1718

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-835

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201904-835

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003537

PATCH

title:cisco-sa-20190417-ise-ssl-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ise-ssl-dos

Trust: 0.8

title:Cisco Identity Services Engine Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91670

Trust: 0.6

sources: JVNDB: JVNDB-2019-003537 // CNNVD: CNNVD-201904-835

EXTERNAL IDS

db:NVDid:CVE-2019-1718

Trust: 2.8

db:BIDid:108030

Trust: 2.0

db:JVNDBid:JVNDB-2019-003537

Trust: 0.8

db:CNNVDid:CNNVD-201904-835

Trust: 0.7

db:AUSCERTid:ESB-2019.1332

Trust: 0.6

db:VULHUBid:VHN-149400

Trust: 0.1

sources: VULHUB: VHN-149400 // BID: 108030 // JVNDB: JVNDB-2019-003537 // CNNVD: CNNVD-201904-835 // NVD: CVE-2019-1718

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-ise-ssl-dos

Trust: 2.6

url:http://www.securityfocus.com/bid/108030

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-1718

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1718

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-ise-xss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79294

Trust: 0.6

sources: VULHUB: VHN-149400 // BID: 108030 // JVNDB: JVNDB-2019-003537 // CNNVD: CNNVD-201904-835 // NVD: CVE-2019-1718

CREDITS

Luca Napolitano and Gabriele Gristina .

Trust: 0.6

sources: CNNVD: CNNVD-201904-835

SOURCES

db:VULHUBid:VHN-149400
db:BIDid:108030
db:JVNDBid:JVNDB-2019-003537
db:CNNVDid:CNNVD-201904-835
db:NVDid:CVE-2019-1718

LAST UPDATE DATE

2024-08-14T14:12:28.748000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149400date:2020-10-07T00:00:00
db:BIDid:108030date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003537date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-835date:2020-10-09T00:00:00
db:NVDid:CVE-2019-1718date:2020-10-07T19:02:35

SOURCES RELEASE DATE

db:VULHUBid:VHN-149400date:2019-04-17T00:00:00
db:BIDid:108030date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003537date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-835date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1718date:2019-04-17T22:29:00.530