Sign-up

ID

VAR-201904-0241


CVE

CVE-2019-1718


TITLE

Cisco Identity Services Engine Vulnerabilities in resource management

Trust: 0.8

sources: JVNDB: JVNDB-2019-003537

DESCRIPTION

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. This vulnerability affects version 2.1. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvo10487. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. There is a resource management error vulnerability in the web interface of Cisco ISE version 2.1, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.98

sources: NVD: CVE-2019-1718 // JVNDB: JVNDB-2019-003537 // BID: 108030 // VULHUB: VHN-149400

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.1\(0.907\)

Trust: 1.0

vendor:ciscomodel:identity services engine softwarescope:eqversion:2.1

Trust: 0.8

vendor:ciscomodel:identity services enginescope:eqversion:2.1(0.907)

Trust: 0.3

sources: BID: 108030 // JVNDB: JVNDB-2019-003537 // NVD: CVE-2019-1718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1718
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1718
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1718
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-835
value: HIGH

Trust: 0.6

VULHUB: VHN-149400
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1718
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149400
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1718
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1718
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1718
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149400 // JVNDB: JVNDB-2019-003537 // CNNVD: CNNVD-201904-835 // NVD: CVE-2019-1718 // NVD: CVE-2019-1718

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-149400 // JVNDB: JVNDB-2019-003537 // NVD: CVE-2019-1718

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-835

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201904-835

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003537

PATCH
title:cisco-sa-20190417-ise-ssl-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ise-ssl-dos
Trust: 0.8
title:Cisco Identity Services Engine Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91670
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003537 // 
            
            
            
            CNNVD: CNNVD-201904-835

EXTERNAL IDS
db:NVDid:CVE-2019-1718
Trust: 2.8
db:BIDid:108030
Trust: 2.0
db:JVNDBid:JVNDB-2019-003537
Trust: 0.8
db:CNNVDid:CNNVD-201904-835
Trust: 0.7
db:AUSCERTid:ESB-2019.1332
Trust: 0.6
db:VULHUBid:VHN-149400
Trust: 0.1
sources:
            
            
            VULHUB: VHN-149400 // 
            
            
            
            BID: 108030 // 
            
            
            
            JVNDB: JVNDB-2019-003537 // 
            
            
            
            CNNVD: CNNVD-201904-835 // 
            
            
            
            NVD: CVE-2019-1718

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-ise-ssl-dos
Trust: 2.6
url:http://www.securityfocus.com/bid/108030
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-1718
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1718
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-ise-xss
Trust: 0.6
url:https://www.auscert.org.au/bulletins/79294
Trust: 0.6
sources:
            
            
            VULHUB: VHN-149400 // 
            
            
            
            BID: 108030 // 
            
            
            
            JVNDB: JVNDB-2019-003537 // 
            
            
            
            CNNVD: CNNVD-201904-835 // 
            
            
            
            NVD: CVE-2019-1718

CREDITS
Luca Napolitano and Gabriele Gristina .
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201904-835

SOURCES
db:VULHUBid:VHN-149400
db:BIDid:108030
db:JVNDBid:JVNDB-2019-003537
db:CNNVDid:CNNVD-201904-835
db:NVDid:CVE-2019-1718

LAST UPDATE DATE
2024-08-14T14:12:28.748000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-149400date:2020-10-07T00:00:00
db:BIDid:108030date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003537date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-835date:2020-10-09T00:00:00
db:NVDid:CVE-2019-1718date:2020-10-07T19:02:35

SOURCES RELEASE DATE
db:VULHUBid:VHN-149400date:2019-04-17T00:00:00
db:BIDid:108030date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003537date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-835date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1718date:2019-04-17T22:29:00.530