Sign-up

ID

VAR-201904-0431


CVE

CVE-2019-1840


TITLE

Cisco Prime Network Registrar Initialization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003526

DESCRIPTION

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected. Cisco Prime Network Registrar Contains an initialization vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvn20662. The product provides services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) and IP Address Management (IPAM)

Trust: 1.98

sources: NVD: CVE-2019-1840 // JVNDB: JVNDB-2019-003526 // BID: 108033 // VULHUB: VHN-150742

AFFECTED PRODUCTS

vendor:ciscomodel:prime network registrarscope:ltversion:8.3.7

Trust: 1.0

vendor:ciscomodel:prime network registrarscope:ltversion:9.1.2

Trust: 1.0

vendor:ciscomodel:prime network registrarscope:gteversion:9.0

Trust: 1.0

vendor:ciscomodel:prime network registrarscope:ltversion:8.3(7)

Trust: 0.8

vendor:ciscomodel:prime network registrarscope:ltversion:9.1(2)

Trust: 0.8

vendor:ciscomodel:network registrarscope:eqversion:8.3(4.1)

Trust: 0.3

sources: BID: 108033 // JVNDB: JVNDB-2019-003526 // NVD: CVE-2019-1840

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1840
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1840
value: HIGH

Trust: 1.0

NVD: CVE-2019-1840
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-838
value: HIGH

Trust: 0.6

VULHUB: VHN-150742
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1840
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150742
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1840
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1840
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-150742 // JVNDB: JVNDB-2019-003526 // CNNVD: CNNVD-201904-838 // NVD: CVE-2019-1840 // NVD: CVE-2019-1840

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.9

sources: VULHUB: VHN-150742 // JVNDB: JVNDB-2019-003526 // NVD: CVE-2019-1840

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-838

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201904-838

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003526

PATCH
title:cisco-sa-20190417-pnr-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-pnr-dos
Trust: 0.8
title:Cisco Prime Network Registrar Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91673
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003526 // 
            
            
            
            CNNVD: CNNVD-201904-838

EXTERNAL IDS
db:NVDid:CVE-2019-1840
Trust: 2.8
db:BIDid:108033
Trust: 2.0
db:JVNDBid:JVNDB-2019-003526
Trust: 0.8
db:CNNVDid:CNNVD-201904-838
Trust: 0.7
db:AUSCERTid:ESB-2019.1339
Trust: 0.6
db:VULHUBid:VHN-150742
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150742 // 
            
            
            
            BID: 108033 // 
            
            
            
            JVNDB: JVNDB-2019-003526 // 
            
            
            
            CNNVD: CNNVD-201904-838 // 
            
            
            
            NVD: CVE-2019-1840

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-pnr-dos
Trust: 2.6
url:http://www.securityfocus.com/bid/108033
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-1840
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1840
Trust: 0.8
url:https://www.auscert.org.au/bulletins/79330
Trust: 0.6
sources:
            
            
            VULHUB: VHN-150742 // 
            
            
            
            BID: 108033 // 
            
            
            
            JVNDB: JVNDB-2019-003526 // 
            
            
            
            CNNVD: CNNVD-201904-838 // 
            
            
            
            NVD: CVE-2019-1840

CREDITS
Cisco.
Trust: 0.9
sources:
            
            
            BID: 108033 // 
            
            
            
            CNNVD: CNNVD-201904-838

SOURCES
db:VULHUBid:VHN-150742
db:BIDid:108033
db:JVNDBid:JVNDB-2019-003526
db:CNNVDid:CNNVD-201904-838
db:NVDid:CVE-2019-1840

LAST UPDATE DATE
2024-11-23T23:11:53.917000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150742date:2019-10-09T00:00:00
db:BIDid:108033date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003526date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-838date:2019-05-14T00:00:00
db:NVDid:CVE-2019-1840date:2024-11-21T04:37:30.500

SOURCES RELEASE DATE
db:VULHUBid:VHN-150742date:2019-04-18T00:00:00
db:BIDid:108033date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003526date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-838date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1840date:2019-04-18T02:29:06.060