ID

VAR-201905-0596


CVE

CVE-2019-1858


TITLE

Cisco FXOS and NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004656

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco FXOS and NX-OS Software contain an input validation vulnerability. A denial-of-service (DoS) condition may result. Cisco FXOS and NX-OS Software are prone to a denial-of-service vulnerability. An attacker can exploit this issue to restart the affected system, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCvc58707, CSCvd45657, CSCvn19457, CSCvn19463, CSCvn19464, CSCvn19465, CSCvn19468 and CSCvn19483. Cisco Firepower 4100 Series, etc. are all products of Cisco. Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco FXOS Software is a set of firewall software that runs on Cisco security appliances. Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco MDS 9000 Series Multilayer Switches is an MDS 9000 series multilayer switch. Cisco NX-OS Software is a set of data center-level operating system software used by switches. The vulnerability stems from the failure of the network system or product to properly validate the input data.
The following products and versions are affected: Cisco Firepower 4100 Series; Firepower 9300 Security Appliances; MDS 9000 Series Multilayer Switches; Nexus 1000V Switch for Microsoft Hyper-V; Nexus 1000V Switch for VMware vSphere; Nexus 3000 Series Switches; 5500 Platform Switches; Nexus 5600 Platform Switches; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 7700 Series Switches; Nexus 9000 Series Fabric Switches in Application Centric Infrastructure

Trust: 1.98

sources: NVD: CVE-2019-1858 // JVNDB: JVNDB-2019-004656 // BID: 108358 // VULHUB: VHN-150940

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:ltversion:8.1\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i7\(2\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:8.0

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.6.1.131

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:14.1\(1i\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.3

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.2\(0\)d1\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.2

Trust: 1.0

vendor:ciscomodel:fx-osscope:gteversion:2.3

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:6.0\(2\)a8\(4\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:6.2\(22\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:14.1

Trust: 1.0

vendor:ciscomodel:fx-osscope:ltversion:2.2.2.91

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)f3\(1\)

Trust: 1.0

vendor:ciscomodel:fx-osscope:ltversion:2.4.1.222

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:5.2\(1\)sv3\(4.1a\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i4\(8\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i7

Trust: 1.0

vendor:ciscomodel:fx-osscope:ltversion:2.3.1.130

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:14.0\(2c\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.1\(5\)n1\(1b\)

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.6

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.3\(4\)n1\(1a\)

Trust: 1.0

vendor:ciscomodel:fx-osscope:gteversion:2.4

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:fx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:8.1

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:8.0

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:7.3

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:7.2

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:7.1

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 i7scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 i4scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:7.0(3)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:nx-os 6.0 a8scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:5.2

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:14.1

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:14.0

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:13.2

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:13.1

Trust: 0.3

vendor:ciscomodel:nexus r-series switching platformscope:eqversion:95000

Trust: 0.3

vendor:ciscomodel:nexus series switches standalone nx-os modescope:eqversion:9000-0

Trust: 0.3

vendor:ciscomodel:nexus series fabric switches aci modescope:eqversion:9000-0

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:77000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:70000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:60000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:56000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:55000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:35000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:nexus switch for vmware vspherescope:eqversion:1000v0

Trust: 0.3

vendor:ciscomodel:nexus switch for microsoft hyper-vscope:eqversion:1000v0

Trust: 0.3

vendor:ciscomodel:mds series multilayer switchesscope:eqversion:90000

Trust: 0.3

vendor:ciscomodel:fxosscope:eqversion:2.4

Trust: 0.3

vendor:ciscomodel:fxosscope:eqversion:2.3

Trust: 0.3

vendor:ciscomodel:fxosscope:eqversion:2.2

Trust: 0.3

vendor:ciscomodel:firepower security appliancesscope:eqversion:93000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:eqversion:41000

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:8.1(1)

Trust: 0.3

vendor:ciscomodel:nx-os 7.3 n1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.2 d1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.1 n1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 i7scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 i4scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 f3scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:6.2(11)

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:6.2(10)

Trust: 0.3

vendor:ciscomodel:nx-os 6.0 a8scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 5.2 sv3scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 5.2 sm3scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 14.1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 14.0scope:neversion: -

Trust: 0.3

vendor:ciscomodel:fxosscope:neversion:2.6.1.131

Trust: 0.3

vendor:ciscomodel:fxosscope:neversion:2.4.1.222

Trust: 0.3

vendor:ciscomodel:fxosscope:neversion:2.3.1.130

Trust: 0.3

vendor:ciscomodel:fxosscope:neversion:2.2.2.91

Trust: 0.3

sources: BID: 108358 // JVNDB: JVNDB-2019-004656 // NVD: CVE-2019-1858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1858
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1858
value: HIGH

Trust: 1.0

NVD: CVE-2019-1858
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-707
value: HIGH

Trust: 0.6

VULHUB: VHN-150940
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1858
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150940
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1858
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1858
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1858
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150940 // JVNDB: JVNDB-2019-004656 // CNNVD: CNNVD-201905-707 // NVD: CVE-2019-1858 // NVD: CVE-2019-1858

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-755

Trust: 1.1

sources: VULHUB: VHN-150940 // JVNDB: JVNDB-2019-004656 // NVD: CVE-2019-1858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-707

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-707

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004656

PATCH

title: cisco-sa-20190515-nxos-snmp-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos

Trust: 0.8

title: Cisco NX-OS Software and Cisco FXOS Software Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=92831

Trust: 0.6

sources: JVNDB: JVNDB-2019-004656 // CNNVD: CNNVD-201905-707

EXTERNAL IDS

db:NVDid:CVE-2019-1858

Trust: 2.8

db:BIDid:108358

Trust: 2.0

db:JVNDBid:JVNDB-2019-004656

Trust: 0.8

db:CNNVDid:CNNVD-201905-707

Trust: 0.7

db:AUSCERTid:ESB-2019.1759.4

Trust: 0.6

db:AUSCERTid:ESB-2019.1759.3

Trust: 0.6

db:AUSCERTid:ESB-2019.1759.5

Trust: 0.6

db:VULHUBid:VHN-150940

Trust: 0.1

sources: VULHUB: VHN-150940 // BID: 108358 // JVNDB: JVNDB-2019-004656 // CNNVD: CNNVD-201905-707 // NVD: CVE-2019-1858

REFERENCES

url:http://www.securityfocus.com/bid/108358

Trust: 2.9

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-snmp-dos

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-1858

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1858

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-info

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-conf-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1795

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1759.5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1759.4/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1759.3/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nx-os-memory-leak-via-snmp-29320

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81118

Trust: 0.6

sources: VULHUB: VHN-150940 // BID: 108358 // JVNDB: JVNDB-2019-004656 // CNNVD: CNNVD-201905-707 // NVD: CVE-2019-1858

CREDITS

Cisco

Trust: 0.9

sources: BID: 108358 // CNNVD: CNNVD-201905-707

SOURCES

db:VULHUBid:VHN-150940
db:BIDid:108358
db:JVNDBid:JVNDB-2019-004656
db:CNNVDid:CNNVD-201905-707
db:NVDid:CVE-2019-1858

LAST UPDATE DATE

2024-08-14T13:26:30.383000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-150940date:2020-10-16T00:00:00
db:BIDid:108358date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004656date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-707date:2023-04-21T00:00:00
db:NVDid:CVE-2019-1858date:2023-04-20T14:47:11.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-150940date:2019-05-16T00:00:00
db:BIDid:108358date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004656date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-707date:2019-05-15T00:00:00
db:NVDid:CVE-2019-1858date:2019-05-16T02:29:00.670