ID

VAR-201908-0844


CVE

CVE-2019-1962


TITLE

Cisco NX-OS Software Cisco Fabric Services Component Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-32060 // CNNVD: CNNVD-201908-2150

DESCRIPTION

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition.

Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information.

Cisco NX-OS Software contains an input validation vulnerability that may result in a service interruption (DoS) condition. Cisco Nexus 3000 Series Switches and others are Cisco products. The Cisco Nexus 3000 Series Switches are 3000 Series switches. The Cisco Nexus 3500 Platform Switches are 3500 Series platform switches. The Cisco MDS 9000 Series Multilayer Switches are MDS 9000 Series multilayer switches. Cisco NX-OS Software is a data center-level operating system used by switches.

Trust: 2.34

sources: NVD: CVE-2019-1962 // JVNDB: JVNDB-2019-008912 // CNVD: CNVD-2019-32060 // VULHUB: VHN-152084 // VULMON: CVE-2019-1962

IOT TAXONOMY

category: ['Network device']  sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-32060

AFFECTED PRODUCTS

vendor: cisco  model: nx-os  scope: gte  version: 7.0(3)i7

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 8.1

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 6.0(2)a8(11)

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 7.0(3)i7(6)

Trust: 1.0

vendor: cisco  model: nx-os  scope: gte  version: 7.3

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 7.3(5)n1(1)

Trust: 1.0

vendor: cisco  model: nx-os  scope: gte  version: 7.0(3)f

Trust: 1.0

vendor: cisco  model: nx-os  scope: gte  version: 5.2

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 6.2(29)

Trust: 1.0

vendor: cisco  model: nx-os  scope: gte  version: 7.2

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 6.2(22)

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 7.0(3)i4(9)

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 3.2(3i)

Trust: 1.0

vendor: cisco  model: nx-os  scope: gte  version: 4.0

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 9.2

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 4.0(2d)

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 7.1(5)n1(1b)

Trust: 1.0

vendor: cisco  model: nx-os  scope: lt  version: 7.3(4)d1(1)

Trust: 1.0

vendor: cisco  model: nx-os  scope: -  version: -

Trust: 0.8

vendor: cisco  model: nexus series switches  scope: eq  version: 3000

Trust: 0.6

vendor: cisco  model: nexus series switches  scope: eq  version: 6000

Trust: 0.6

vendor: cisco  model: nexus series switches  scope: eq  version: 7700

Trust: 0.6

vendor: cisco  model: nexus platform switches  scope: eq  version: 5600

Trust: 0.6

vendor: cisco  model: nexus platform switches  scope: eq  version: 5500

Trust: 0.6

vendor: cisco  model: nexus platform switches  scope: eq  version: 3500

Trust: 0.6

vendor: cisco  model: nexus series switches  scope: eq  version: 70000

Trust: 0.6

vendor: cisco  model: nexus platform switches  scope: eq  version: 3600

Trust: 0.6

vendor: cisco  model: mds series multilayer switches  scope: eq  version: 9000

Trust: 0.6

vendor: cisco  model: nexus series switches  scope: eq  version: 9000

Trust: 0.6

vendor: cisco  model: ucs series fabric interconnects  scope: eq  version: 6300

Trust: 0.6

vendor: cisco  model: ucs series fabric interconnects  scope: eq  version: 6200

Trust: 0.6

vendor: cisco  model: nexus r-series switching platform  scope: eq  version: 9500

Trust: 0.6

sources: CNVD: CNVD-2019-32060 // JVNDB: JVNDB-2019-008912 // NVD: CVE-2019-1962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1962
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1962
value: HIGH

Trust: 1.0

NVD: CVE-2019-1962
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-32060
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-2150
value: HIGH

Trust: 0.6

VULHUB: VHN-152084
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1962
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1962
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-32060
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-152084
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1962
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1962
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-32060 // VULHUB: VHN-152084 // VULMON: CVE-2019-1962 // JVNDB: JVNDB-2019-008912 // CNNVD: CNNVD-201908-2150 // NVD: CVE-2019-1962 // NVD: CVE-2019-1962

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-152084 // JVNDB: JVNDB-2019-008912 // NVD: CVE-2019-1962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2150

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2150

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008912

PATCH

title: cisco-sa-20190828-nxos-fsip-dos  url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

Trust: 0.8

title: Patch for Cisco NX-OS Software Cisco Fabric Services Component Input Validation Error Vulnerability  url: https://www.cnvd.org.cn/patchInfo/show/181049

Trust: 0.6

title: Fixes for Cisco NX-OS Software Cisco Fabric Services component input validation error vulnerabilities  url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97635

Trust: 0.6

title: Cisco: Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability  url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190828-nxos-fsip-dos

Trust: 0.1

sources: CNVD: CNVD-2019-32060 // VULMON: CVE-2019-1962 // JVNDB: JVNDB-2019-008912 // CNNVD: CNNVD-201908-2150

EXTERNAL IDS

db: NVD  id: CVE-2019-1962

Trust: 3.2

db: JVNDB  id: JVNDB-2019-008912

Trust: 0.8

db: CNNVD  id: CNNVD-201908-2150

Trust: 0.7

db: CNVD  id: CNVD-2019-32060

Trust: 0.6

db: AUSCERT  id: ESB-2019.3276.2

Trust: 0.6

db: AUSCERT  id: ESB-2019.3276

Trust: 0.6

db: VULHUB  id: VHN-152084

Trust: 0.1

db: VULMON  id: CVE-2019-1962

Trust: 0.1

sources: CNVD: CNVD-2019-32060 // VULHUB: VHN-152084 // VULMON: CVE-2019-1962 // JVNDB: JVNDB-2019-008912 // CNNVD: CNNVD-201908-2150 // NVD: CVE-2019-1962

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-fsip-dos

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-1962

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1962

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-snmp-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-memleak-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-ntp-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-api-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-ipv6-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-fxnxos-snmp-dos

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nx-os-denial-of-service-via-fabric-services-over-ip-30188

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3276.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3276/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-32060 // VULHUB: VHN-152084 // VULMON: CVE-2019-1962 // JVNDB: JVNDB-2019-008912 // CNNVD: CNNVD-201908-2150 // NVD: CVE-2019-1962

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201908-2150

SOURCES

db: CNVD  id: CNVD-2019-32060
db: VULHUB  id: VHN-152084
db: VULMON  id: CVE-2019-1962
db: JVNDB  id: JVNDB-2019-008912
db: CNNVD  id: CNNVD-201908-2150
db: NVD  id: CVE-2019-1962

LAST UPDATE DATE

2024-08-14T13:44:47.767000+00:00


SOURCES UPDATE DATE

db: CNVD  id: CNVD-2019-32060  date: 2019-09-19T00:00:00
db: VULHUB  id: VHN-152084  date: 2019-10-09T00:00:00
db: VULMON  id: CVE-2019-1962  date: 2019-10-09T00:00:00
db: JVNDB  id: JVNDB-2019-008912  date: 2019-09-09T00:00:00
db: CNNVD  id: CNNVD-201908-2150  date: 2019-10-10T00:00:00
db: NVD  id: CVE-2019-1962  date: 2019-10-09T23:48:41.037

SOURCES RELEASE DATE

db: CNVD  id: CNVD-2019-32060  date: 2019-09-19T00:00:00
db: VULHUB  id: VHN-152084  date: 2019-08-28T00:00:00
db: VULMON  id: CVE-2019-1962  date: 2019-08-28T00:00:00
db: JVNDB  id: JVNDB-2019-008912  date: 2019-09-09T00:00:00
db: CNNVD  id: CNNVD-201908-2150  date: 2019-08-28T00:00:00
db: NVD  id: CVE-2019-1962  date: 2019-08-28T19:15:10.867