ID

VAR-201908-0835


CVE

CVE-2019-1957


TITLE

Cisco IoT Field Network Director Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007628

DESCRIPTION

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. Cisco IoT Field Network Director contains a resource management vulnerability. The system could be put into a service interruption (DoS) state. The system has functions such as equipment management, asset tracking and intelligent metering. The web management interface in Cisco IoT-FND versions prior to 4.4.2-11 has a resource management error vulnerability. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.

Trust: 2.79

sources: NVD: CVE-2019-1957 // JVNDB: JVNDB-2019-007628 // CNVD: CNVD-2020-18571 // CNNVD: CNNVD-201908-564 // VULHUB: VHN-152029

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-18571

AFFECTED PRODUCTS

vendor: cisco
model: iot field network director
scope: lt
version: 4.4.2-11

Trust: 1.6

vendor: cisco
model: iot field network director
scope: -
version: -

Trust: 0.8

sources: CNVD: CNVD-2020-18571 // JVNDB: JVNDB-2019-007628 // NVD: CVE-2019-1957

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1957
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1957
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1957
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-18571
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-564
value: HIGH

Trust: 0.6

VULHUB: VHN-152029
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1957
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-18571
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-152029
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1957
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1957
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1957
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-18571 // VULHUB: VHN-152029 // JVNDB: JVNDB-2019-007628 // CNNVD: CNNVD-201908-564 // NVD: CVE-2019-1957 // NVD: CVE-2019-1957

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-152029 // JVNDB: JVNDB-2019-007628 // NVD: CVE-2019-1957

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-564

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-564

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007628

PATCH

title: cisco-sa-20190807-fnd-dos
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos

Trust: 0.8

title: Patch for Cisco IoT Field Network Director Resource Management Error Vulnerability (CNVD-2020-18571)
url: https://www.cnvd.org.cn/patchInfo/show/210123

Trust: 0.6

title: Cisco IoT Field Network Director Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96261

Trust: 0.6

sources: CNVD: CNVD-2020-18571 // JVNDB: JVNDB-2019-007628 // CNNVD: CNNVD-201908-564

EXTERNAL IDS

db: NVD
id: CVE-2019-1957

Trust: 3.1

db: JVNDB
id: JVNDB-2019-007628

Trust: 0.8

db: CNVD
id: CNVD-2020-18571

Trust: 0.7

db: CNNVD
id: CNNVD-201908-564

Trust: 0.7

db: AUSCERT
id: ESB-2019.2997

Trust: 0.6

db: VULHUB
id: VHN-152029

Trust: 0.1

sources: CNVD: CNVD-2020-18571 // VULHUB: VHN-152029 // JVNDB: JVNDB-2019-007628 // CNNVD: CNNVD-201908-564 // NVD: CVE-2019-1957

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-1957

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-fnd-dos

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1957

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2997/

Trust: 0.6

sources: CNVD: CNVD-2020-18571 // VULHUB: VHN-152029 // JVNDB: JVNDB-2019-007628 // CNNVD: CNNVD-201908-564 // NVD: CVE-2019-1957

SOURCES

db: CNVD
id: CNVD-2020-18571

db: VULHUB
id: VHN-152029

db: JVNDB
id: JVNDB-2019-007628

db: CNNVD
id: CNNVD-201908-564

db: NVD
id: CVE-2019-1957

LAST UPDATE DATE

2024-11-23T22:51:41.782000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2020-18571
date: 2020-03-22T00:00:00

db: VULHUB
id: VHN-152029
date: 2020-10-16T00:00:00

db: JVNDB
id: JVNDB-2019-007628
date: 2019-08-16T00:00:00

db: CNNVD
id: CNNVD-201908-564
date: 2020-10-19T00:00:00

db: NVD
id: CVE-2019-1957
date: 2024-11-21T04:37:45.990

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2020-18571
date: 2020-03-22T00:00:00

db: VULHUB
id: VHN-152029
date: 2019-08-08T00:00:00

db: JVNDB
id: JVNDB-2019-007628
date: 2019-08-16T00:00:00

db: CNNVD
id: CNNVD-201908-564
date: 2019-08-07T00:00:00

db: NVD
id: CVE-2019-1957
date: 2019-08-08T08:15:12.647