ID

VAR-201905-0512


CVE

CVE-2019-1814


TITLE

Cisco Small Business 300 Series Managed Switch Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-004727

DESCRIPTION

A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device. Cisco Small Business 300 Series (Sx300) Managed Switches contain a resource exhaustion vulnerability that may result in interruption of service operation (DoS). Cisco Small Business 300 Series Managed Switches are switch devices from Cisco. This issue is being tracked by Cisco Bug ID CSCvn17215. This vulnerability stems from improper management of system resources (such as memory, disk space, or files) by network systems or products.

Trust: 2.52

sources: NVD: CVE-2019-1814 // JVNDB: JVNDB-2019-004727 // CNVD: CNVD-2019-14707 // BID: 108344 // VULHUB: VHN-150456

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-14707

AFFECTED PRODUCTS

vendor: cisco, model: sf300-48, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-28pp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf300-48p, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf300-48pp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf300-08, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf300-24p, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf300-24, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-28, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-52, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf302-08, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf300-24mp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-28mp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-10, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf302-08mpp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-10mpp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-52mp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf302-08pp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-28p, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf302-08mp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf302-08p, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-10pp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-10sfp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-20, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sf300-24pp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-10mp, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-10p, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: sg300-52p, scope: lt, version: 1.4.10.6

Trust: 1.0

vendor: cisco, model: small business series managed switches, scope: eq, version: 3001.4.9.0

Trust: 0.9

vendor: cisco, model: small business series managed switches, scope: eq, version: 3001.4.0.88

Trust: 0.9

vendor: cisco, model: small business 300 series managed switch, scope: -, version: -

Trust: 0.8

vendor: cisco, model: sx300 switches, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2019-14707 // BID: 108344 // JVNDB: JVNDB-2019-004727 // NVD: CVE-2019-1814

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1814
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1814
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1814
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-14707
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-691
value: HIGH

Trust: 0.6

VULHUB: VHN-150456
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1814
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-14707
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-150456
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1814
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1814
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1814
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-14707 // VULHUB: VHN-150456 // JVNDB: JVNDB-2019-004727 // CNNVD: CNNVD-201905-691 // NVD: CVE-2019-1814 // NVD: CVE-2019-1814

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.9

problemtype: CWE-770

Trust: 1.1

problemtype: CWE-401

Trust: 0.1

sources: VULHUB: VHN-150456 // JVNDB: JVNDB-2019-004727 // NVD: CVE-2019-1814

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-691

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-691

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004727

PATCH

title: cisco-sa-20190515-sb300sms-dhcp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb300sms-dhcp

Trust: 0.8

title: Patch for Cisco Small Business 300 Series Managed Switches Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/161607

Trust: 0.6

title: Cisco Small Business 300 Series Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92815

Trust: 0.6

sources: CNVD: CNVD-2019-14707 // JVNDB: JVNDB-2019-004727 // CNNVD: CNNVD-201905-691

EXTERNAL IDS

db: NVD, id: CVE-2019-1814

Trust: 3.4

db: BID, id: 108344

Trust: 2.0

db: JVNDB, id: JVNDB-2019-004727

Trust: 0.8

db: CNNVD, id: CNNVD-201905-691

Trust: 0.7

db: CNVD, id: CNVD-2019-14707

Trust: 0.6

db: AUSCERT, id: ESB-2019.1752

Trust: 0.6

db: VULHUB, id: VHN-150456

Trust: 0.1

sources: CNVD: CNVD-2019-14707 // VULHUB: VHN-150456 // BID: 108344 // JVNDB: JVNDB-2019-004727 // CNNVD: CNNVD-201905-691 // NVD: CVE-2019-1814

REFERENCES

url: http://www.securityfocus.com/bid/108344

Trust: 2.3

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-sb300sms-dhcp

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-1814

Trust: 1.4

url: http://www.cisco.com/

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1814

Trust: 0.8

url: https://web.nvd.nist.gov//vuln/detail/cve-2019-1814

Trust: 0.6

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-sb-snmpdos

Trust: 0.6

url: https://www.auscert.org.au/bulletins/81090

Trust: 0.6

sources: CNVD: CNVD-2019-14707 // VULHUB: VHN-150456 // BID: 108344 // JVNDB: JVNDB-2019-004727 // CNNVD: CNNVD-201905-691 // NVD: CVE-2019-1814

CREDITS

Daniel O'Connor from Genesis Software

Trust: 0.6

sources: CNNVD: CNNVD-201905-691

SOURCES

db: CNVD, id: CNVD-2019-14707
db: VULHUB, id: VHN-150456
db: BID, id: 108344
db: JVNDB, id: JVNDB-2019-004727
db: CNNVD, id: CNNVD-201905-691
db: NVD, id: CVE-2019-1814

LAST UPDATE DATE

2024-11-23T22:58:40.736000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-14707, date: 2019-05-17T00:00:00
db: VULHUB, id: VHN-150456, date: 2020-10-16T00:00:00
db: BID, id: 108344, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004727, date: 2019-06-06T00:00:00
db: CNNVD, id: CNNVD-201905-691, date: 2020-10-19T00:00:00
db: NVD, id: CVE-2019-1814, date: 2024-11-21T04:37:26.363

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-14707, date: 2019-05-17T00:00:00
db: VULHUB, id: VHN-150456, date: 2019-05-16T00:00:00
db: BID, id: 108344, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004727, date: 2019-06-06T00:00:00
db: CNNVD, id: CNNVD-201905-691, date: 2019-05-15T00:00:00
db: NVD, id: CVE-2019-1814, date: 2019-05-16T00:29:00.260