ID

VAR-201908-0845


CVE

CVE-2019-1963


TITLE

Cisco FXOS Software and Cisco NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008913

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco FXOS Software and Cisco NX-OS Software contain an input validation vulnerability. The affected device may be put into a denial of service (DoS) state. Cisco Firepower 4100 Series and the other products named here are all Cisco products. Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco MDS 9000 Series Multilayer Switches is an MDS 9000 series multilayer switch. The following products and versions are affected: Cisco Firepower 4100 Series; Firepower 9300 Security Appliances; MDS 9000 Series Multilayer Switches; Nexus 1000 Virtual Edge for VMware vSphere; Nexus 1000V Switch for Microsoft Hyper-V; Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 5500 Platform Switches; Nexus 5600 Platform Switches; Nexus 6000 Series Switches; Nexus 7000

Trust: 1.71

sources: NVD: CVE-2019-1963 // JVNDB: JVNDB-2019-008913 // VULHUB: VHN-152095

AFFECTED PRODUCTS

vendor: cisco model: nx-os scope: gte version: 8.0

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 14.1\(1i\)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 8.2\(3\)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.3

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 7.2\(0\)d1\(1\)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.2

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 5.2

Trust: 1.0

vendor: cisco model: fx-os scope: gte version: 2.3

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 9.2

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 6.2\(22\)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 14.1

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 8.4

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 9.2\(3\)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 8.3

Trust: 1.0

vendor: cisco model: fx-os scope: lt version: 2.2.2.91

Trust: 1.0

vendor: cisco model: fx-os scope: lt version: 2.4.1.222

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 8.3\(2\)

Trust: 1.0

vendor: cisco model: nx-os scope: lte version: 14.1\(1i\)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 5.2\(1\)sv3\(4.1a\)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.0\(3\)i7

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.0\(3\)i4

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 7.0\(3\)i7\(6\)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 7.3\(5\)n1\(1\)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.0\(3\)f

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 6.2\(29\)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 5.2\(1\)sv5\(1.2\)

Trust: 1.0

vendor: cisco model: fx-os scope: lt version: 2.3.1.130

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 14.0

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 14.0\(2c\)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 7.0\(3\)i4\(9\)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 13.2\(7k\)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 7.1\(5\)n1\(1b\)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 5.2

Trust: 1.0

vendor: cisco model: fx-os scope: gte version: 2.4

Trust: 1.0

vendor: cisco model: nx-os scope: - version: -

Trust: 0.8

vendor: cisco model: fx-os scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008913 // NVD: CVE-2019-1963

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1963
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1963
value: HIGH

Trust: 1.0

NVD: CVE-2019-1963
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-2147
value: MEDIUM

Trust: 0.6

VULHUB: VHN-152095
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1963
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-152095
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1963
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1963
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-152095 // JVNDB: JVNDB-2019-008913 // CNNVD: CNNVD-201908-2147 // NVD: CVE-2019-1963 // NVD: CVE-2019-1963

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-152095 // JVNDB: JVNDB-2019-008913 // NVD: CVE-2019-1963

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2147

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2147

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008913

PATCH

title: cisco-sa-20190828-fxnxos-snmp-dos url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

Trust: 0.8

title: Fix for the Cisco NX-OS Software and Cisco FXOS Software input validation error vulnerability url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97632

Trust: 0.6

sources: JVNDB: JVNDB-2019-008913 // CNNVD: CNNVD-201908-2147

EXTERNAL IDS

db: NVD id: CVE-2019-1963

Trust: 2.5

db: JVNDB id: JVNDB-2019-008913

Trust: 0.8

db: CNNVD id: CNNVD-201908-2147

Trust: 0.7

db: AUSCERT id: ESB-2019.3276.2

Trust: 0.6

db: AUSCERT id: ESB-2019.3276

Trust: 0.6

db: VULHUB id: VHN-152095

Trust: 0.1

sources: VULHUB: VHN-152095 // JVNDB: JVNDB-2019-008913 // CNNVD: CNNVD-201908-2147 // NVD: CVE-2019-1963

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-fxnxos-snmp-dos

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1963

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1963

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-snmp-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-memleak-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-ntp-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-api-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-ipv6-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190828-nxos-fsip-dos

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3276.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3276/

Trust: 0.6

sources: VULHUB: VHN-152095 // JVNDB: JVNDB-2019-008913 // CNNVD: CNNVD-201908-2147 // NVD: CVE-2019-1963

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201908-2147

SOURCES

db: VULHUB id: VHN-152095
db: JVNDB id: JVNDB-2019-008913
db: CNNVD id: CNNVD-201908-2147
db: NVD id: CVE-2019-1963

LAST UPDATE DATE

2024-08-14T13:44:47.803000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-152095 date: 2019-10-09T00:00:00
db: JVNDB id: JVNDB-2019-008913 date: 2019-09-09T00:00:00
db: CNNVD id: CNNVD-201908-2147 date: 2019-10-10T00:00:00
db: NVD id: CVE-2019-1963 date: 2019-10-09T23:48:41.363

SOURCES RELEASE DATE

db: VULHUB id: VHN-152095 date: 2019-08-28T00:00:00
db: JVNDB id: JVNDB-2019-008913 date: 2019-09-09T00:00:00
db: CNNVD id: CNNVD-201908-2147 date: 2019-08-28T00:00:00
db: NVD id: CVE-2019-1963 date: 2019-08-28T19:15:10.913