Details of VAR-201905-0529

ID

VAR-201905-0529

CVE

CVE-2019-1806

TITLE

plural Cisco Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004726

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability. plural Cisco The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusinessSwitch is the core series switch of cisco. The vulnerability stems from a network system or product that does not properly validate the input data. This issue is being tracked by Cisco Bug IDs CSCvn49346, CSCvn93730

Trust: 2.43

sources: NVD: CVE-2019-1806 // JVNDB: JVNDB-2019-004726 // CNVD: CNVD-2019-14709 // BID: 108335

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-14709

AFFECTED PRODUCTS

vendor:	cisco	model:	esw2-350g52dc	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg250x-24	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sx550x-12f	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg550x-24mp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg350-10mp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf300-48p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-08	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg250x-48p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf302-08	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-52mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg550x-24mpp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg250-08	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg550x-24	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg250-18	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf302-08mpp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sx550x-52	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg300-10pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg250x-48	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg300-10sfp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg350-28p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf500-24p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf550x-48p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf350-48p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg250-10p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf500-48	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf200-24p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-52p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg250-26	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg350-10p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg500x-24p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf550x-48	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf200-48p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-48	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg550x-48mp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf300-48pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-24p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-28mpp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf550x-48mp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg300-28	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-52	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500x-48mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg200-26	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg250-50p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg500x-48p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf250-48	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg300-10	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg200-18	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-48mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500x24mpp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf302-08pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg250-50hp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg250x-24p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf250-24p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sx550x-24ft	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf550x-24	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg550x-48	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg550x-48p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg300-20	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-52	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-48p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-24mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf250-48hp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg355-10p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	esw2-550x48dc	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg550x-24p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf550x-24mp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg200-26p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg200-50p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10mpp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf250-24	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf302-08mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-24	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg250-26hp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg500xg8f8t	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg250-50	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg500x-24	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-24pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf350-48	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sx550x-24f	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sx550x-24	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg500-52p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf200-24	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28sfp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-24	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-28	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-28p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg350-28	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sx550x-16ft	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg250-26p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf550x-24p	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg250-08hp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sf200-48	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-52mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf350-48mp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg350-28mp	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg200-50	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-24mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg350-10	scope:	lt	version:	2.5.0.78	Trust: 1.0
vendor:	cisco	model:	sg500x-48	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf302-08p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	small business esw2 series managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business sx200 series managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business sx250 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business sx300 series managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business sx350 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business sx500 series managed switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business sx550 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business sx200 series managed switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business sx300 series managed switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business sx500 series managed switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business esw2 series managed switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business sx250 series switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business sx350 series switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business sx550 series switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sx550 switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sx500 switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sx350 switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sx300 switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sx250 switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	sx200 switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	small business series stackable managed switches	scope:	eq	version:	5002.4.0.94	Trust: 0.3
vendor:	cisco	model:	esw2 series managed switches	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2019-14709 // BID: 108335 // JVNDB: JVNDB-2019-004726 // NVD: CVE-2019-1806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1806
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1806
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1806
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-14709
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201905-675
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-1806
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-14709
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-1806
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1806
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1806
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-14709 // JVNDB: JVNDB-2019-004726 // CNNVD: CNNVD-201905-675 // NVD: CVE-2019-1806 // NVD: CVE-2019-1806

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-400	Trust: 0.8

sources: JVNDB: JVNDB-2019-004726 // NVD: CVE-2019-1806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-675

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-675

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004726

PATCH

title:	cisco-sa-20190515-sb-snmpdos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb-snmpdos	Trust: 0.8
title:	Patches for multiple Cisco product input verification error vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/161529	Trust: 0.6
title:	Multiple Cisco Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92799	Trust: 0.6

sources: CNVD: CNVD-2019-14709 // JVNDB: JVNDB-2019-004726 // CNNVD: CNNVD-201905-675

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1806	Trust: 3.3
db:	BID	id:	108335	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-004726	Trust: 0.8
db:	CNVD	id:	CNVD-2019-14709	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1752	Trust: 0.6
db:	CNNVD	id:	CNNVD-201905-675	Trust: 0.6

sources: CNVD: CNVD-2019-14709 // BID: 108335 // JVNDB: JVNDB-2019-004726 // CNNVD: CNNVD-201905-675 // NVD: CVE-2019-1806

REFERENCES

url:	http://www.securityfocus.com/bid/108335	Trust: 2.2
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-sb-snmpdos	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1806	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1806	Trust: 0.8
url:	https://web.nvd.nist.gov//vuln/detail/cve-2019-1806	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81090	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2019-14709 // BID: 108335 // JVNDB: JVNDB-2019-004726 // CNNVD: CNNVD-201905-675 // NVD: CVE-2019-1806

CREDITS

Patrick S. Stuckenberger of August Manser AG

Trust: 0.9

sources: BID: 108335 // CNNVD: CNNVD-201905-675

SOURCES

db:	CNVD	id:	CNVD-2019-14709
db:	BID	id:	108335
db:	JVNDB	id:	JVNDB-2019-004726
db:	CNNVD	id:	CNNVD-201905-675
db:	NVD	id:	CVE-2019-1806

LAST UPDATE DATE

2024-11-23T22:58:40.702000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-14709	date:	2019-05-17T00:00:00
db:	BID	id:	108335	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004726	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-675	date:	2019-10-15T00:00:00
db:	NVD	id:	CVE-2019-1806	date:	2024-11-21T04:37:25.137

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-14709	date:	2019-05-17T00:00:00
db:	BID	id:	108335	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004726	date:	2019-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-675	date:	2019-05-15T00:00:00
db:	NVD	id:	CVE-2019-1806	date:	2019-05-15T22:29:00.247