Details of VAR-201905-0596

ID

VAR-201905-0596

CVE

CVE-2019-1858

TITLE

Cisco FXOS and NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004656

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco FXOS and NX-OS The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco FXOS and NX-OS Softwares are prone to an denial-of-service vulnerability An attacker can exploit this issue to restart the affected system, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCvc58707, CSCvd45657, CSCvn19457, CSCvn19463, CSCvn19464, CSCvn19465, CSCvn19468 and CSCvn19483. Cisco Firepower 4100 Series, etc. are all products of Cisco (Cisco). Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco FXOS Software is a set of firewall software that runs on Cisco security appliances. Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco MDS 9000 Series Multilayer Switches is a MDS 9000 series multilayer switch. Cisco NX-OS Software is a set of data center-level operating system software used by switches. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Cisco Firepower 4100 Series; Firepower 9300 Security Appliances; MDS 9000 Series Multilayer Switches; Nexus 1000V Switch for Microsoft Hyper-V; Nexus 1000V Switch for VMware vSphere; Nexus 3000 Series Switches; 5500 Platform Switches; Nexus 5600 Platform Switches; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 7700 Series Switches; Nexus 9000 Series Fabric Switches in Application Centric Infrastructure

Trust: 1.98

sources: NVD: CVE-2019-1858 // JVNDB: JVNDB-2019-004656 // BID: 108358 // VULHUB: VHN-150940

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	lt	version:	8.1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	8.0	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lt	version:	2.6.1.131	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	14.1\(1i\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.2\(0\)d1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.2	Trust: 1.0
vendor:	cisco	model:	fx-os	scope:	gte	version:	2.3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.0\(2\)a8\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.2\(22\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	14.1	Trust: 1.0
vendor:	cisco	model:	fx-os	scope:	lt	version:	2.2.2.91	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)f3\(1\)	Trust: 1.0
vendor:	cisco	model:	fx-os	scope:	lt	version:	2.4.1.222	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	5.2\(1\)sv3\(4.1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i4\(8\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)i7	Trust: 1.0
vendor:	cisco	model:	fx-os	scope:	lt	version:	2.3.1.130	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	14.0\(2c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.1\(5\)n1\(1b\)	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	gte	version:	2.6	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.3\(4\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	fx-os	scope:	gte	version:	2.4	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	fx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.2	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	nx-os 6.0 a8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	14.1	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	14.0	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	13.2	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	13.1	Trust: 0.3
vendor:	cisco	model:	nexus r-series switching platform	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series fabric switches aci mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	56000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	55000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nexus switch for vmware vsphere	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	nexus switch for microsoft hyper-v	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.4	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	firepower security appliances	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	8.1(1)	Trust: 0.3
vendor:	cisco	model:	nx-os 7.3 n1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.2 d1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.1 n1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	6.2(11)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	6.2(10)	Trust: 0.3
vendor:	cisco	model:	nx-os 6.0 a8	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 5.2 sv3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 5.2 sm3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 14.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 14.0	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	ne	version:	2.6.1.131	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	ne	version:	2.4.1.222	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	ne	version:	2.3.1.130	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	ne	version:	2.2.2.91	Trust: 0.3

sources: BID: 108358 // JVNDB: JVNDB-2019-004656 // NVD: CVE-2019-1858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1858
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1858
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1858
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-707
value:	HIGH
Trust: 0.6
VULHUB:	VHN-150940
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1858
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150940
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1858
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1858
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1858
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-150940 // JVNDB: JVNDB-2019-004656 // CNNVD: CNNVD-201905-707 // NVD: CVE-2019-1858 // NVD: CVE-2019-1858

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-755	Trust: 1.1

sources: VULHUB: VHN-150940 // JVNDB: JVNDB-2019-004656 // NVD: CVE-2019-1858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-707

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-707

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004656

PATCH

title:	cisco-sa-20190515-nxos-snmp-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos	Trust: 0.8
title:	Cisco NX-OS Software and Cisco FXOS Software Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=92831	Trust: 0.6

sources: JVNDB: JVNDB-2019-004656 // CNNVD: CNNVD-201905-707

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1858	Trust: 2.8
db:	BID	id:	108358	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004656	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-707	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1759.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1759.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1759.5	Trust: 0.6
db:	VULHUB	id:	VHN-150940	Trust: 0.1

sources: VULHUB: VHN-150940 // BID: 108358 // JVNDB: JVNDB-2019-004656 // CNNVD: CNNVD-201905-707 // NVD: CVE-2019-1858

REFERENCES

url:	http://www.securityfocus.com/bid/108358	Trust: 2.9
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-snmp-dos	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1858	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1858	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-info	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-conf-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1795	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1759.5/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1759.4/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1759.3/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nx-os-memory-leak-via-snmp-29320	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81118	Trust: 0.6

sources: VULHUB: VHN-150940 // BID: 108358 // JVNDB: JVNDB-2019-004656 // CNNVD: CNNVD-201905-707 // NVD: CVE-2019-1858

CREDITS

Cisco

Trust: 0.9

sources: BID: 108358 // CNNVD: CNNVD-201905-707

SOURCES

db:	VULHUB	id:	VHN-150940
db:	BID	id:	108358
db:	JVNDB	id:	JVNDB-2019-004656
db:	CNNVD	id:	CNNVD-201905-707
db:	NVD	id:	CVE-2019-1858

LAST UPDATE DATE

2024-08-14T13:26:30.383000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150940	date:	2020-10-16T00:00:00
db:	BID	id:	108358	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004656	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-707	date:	2023-04-21T00:00:00
db:	NVD	id:	CVE-2019-1858	date:	2023-04-20T14:47:11.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150940	date:	2019-05-16T00:00:00
db:	BID	id:	108358	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004656	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-707	date:	2019-05-15T00:00:00
db:	NVD	id:	CVE-2019-1858	date:	2019-05-16T02:29:00.670