CVE-2019-1746 (GCVE-0-2019-1746)
Vulnerability from cvelistv5
Published
2019-03-27 23:45
Modified
2024-11-21 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS and IOS XE Software |
Version: 3.2.0SG Version: 3.2.1SG Version: 3.2.2SG Version: 3.2.3SG Version: 3.2.4SG Version: 3.2.5SG Version: 3.2.6SG Version: 3.2.7SG Version: 3.2.8SG Version: 3.2.9SG Version: 3.2.10SG Version: 3.2.11SG Version: 3.3.0SG Version: 3.3.2SG Version: 3.3.1SG Version: 3.3.0XO Version: 3.3.1XO Version: 3.3.2XO Version: 3.4.0SG Version: 3.4.2SG Version: 3.4.1SG Version: 3.4.3SG Version: 3.4.4SG Version: 3.4.5SG Version: 3.4.6SG Version: 3.4.7SG Version: 3.4.8SG Version: 3.5.0E Version: 3.5.1E Version: 3.5.2E Version: 3.5.3E Version: 3.10.4S Version: 3.12.0aS Version: 3.6.0E Version: 3.6.1E Version: 3.6.0aE Version: 3.6.0bE Version: 3.6.2aE Version: 3.6.2E Version: 3.6.3E Version: 3.6.4E Version: 3.6.5E Version: 3.6.6E Version: 3.6.5aE Version: 3.6.5bE Version: 3.6.7E Version: 3.6.8E Version: 3.6.7aE Version: 3.6.7bE Version: 3.6.9E Version: 3.6.10E Version: 3.3.0SQ Version: 3.3.1SQ Version: 3.4.0SQ Version: 3.4.1SQ Version: 3.7.0E Version: 3.7.1E Version: 3.7.2E Version: 3.7.3E Version: 3.7.4E Version: 3.7.5E Version: 3.5.0SQ Version: 3.5.1SQ Version: 3.5.2SQ Version: 3.5.3SQ Version: 3.5.4SQ Version: 3.5.5SQ Version: 3.5.6SQ Version: 3.5.7SQ Version: 3.5.8SQ Version: 3.16.1S Version: 3.16.0bS Version: 3.16.10S Version: 3.8.0E Version: 3.8.1E Version: 3.8.2E Version: 3.8.3E Version: 3.8.4E Version: 3.8.5E Version: 3.8.5aE Version: 3.8.6E Version: 3.8.7E Version: 3.9.0E Version: 3.9.1E Version: 3.9.2E Version: 3.9.2bE Version: 16.9.2h Version: 3.10.0E Version: 3.10.1E Version: 3.10.0cE Version: 3.10.1aE Version: 3.10.1sE Version: 16.12.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
},
{
"name": "107612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107612"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:59:52.919534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:41:58.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.0SG"
},
{
"status": "affected",
"version": "3.2.1SG"
},
{
"status": "affected",
"version": "3.2.2SG"
},
{
"status": "affected",
"version": "3.2.3SG"
},
{
"status": "affected",
"version": "3.2.4SG"
},
{
"status": "affected",
"version": "3.2.5SG"
},
{
"status": "affected",
"version": "3.2.6SG"
},
{
"status": "affected",
"version": "3.2.7SG"
},
{
"status": "affected",
"version": "3.2.8SG"
},
{
"status": "affected",
"version": "3.2.9SG"
},
{
"status": "affected",
"version": "3.2.10SG"
},
{
"status": "affected",
"version": "3.2.11SG"
},
{
"status": "affected",
"version": "3.3.0SG"
},
{
"status": "affected",
"version": "3.3.2SG"
},
{
"status": "affected",
"version": "3.3.1SG"
},
{
"status": "affected",
"version": "3.3.0XO"
},
{
"status": "affected",
"version": "3.3.1XO"
},
{
"status": "affected",
"version": "3.3.2XO"
},
{
"status": "affected",
"version": "3.4.0SG"
},
{
"status": "affected",
"version": "3.4.2SG"
},
{
"status": "affected",
"version": "3.4.1SG"
},
{
"status": "affected",
"version": "3.4.3SG"
},
{
"status": "affected",
"version": "3.4.4SG"
},
{
"status": "affected",
"version": "3.4.5SG"
},
{
"status": "affected",
"version": "3.4.6SG"
},
{
"status": "affected",
"version": "3.4.7SG"
},
{
"status": "affected",
"version": "3.4.8SG"
},
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.10.4S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.0aE"
},
{
"status": "affected",
"version": "3.6.0bE"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7aE"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.3.0SQ"
},
{
"status": "affected",
"version": "3.3.1SQ"
},
{
"status": "affected",
"version": "3.4.0SQ"
},
{
"status": "affected",
"version": "3.4.1SQ"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.5.0SQ"
},
{
"status": "affected",
"version": "3.5.1SQ"
},
{
"status": "affected",
"version": "3.5.2SQ"
},
{
"status": "affected",
"version": "3.5.3SQ"
},
{
"status": "affected",
"version": "3.5.4SQ"
},
{
"status": "affected",
"version": "3.5.5SQ"
},
{
"status": "affected",
"version": "3.5.6SQ"
},
{
"status": "affected",
"version": "3.5.7SQ"
},
{
"status": "affected",
"version": "3.5.8SQ"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.0bS"
},
{
"status": "affected",
"version": "3.16.10S"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "3.8.7E"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "3.9.2bE"
},
{
"status": "affected",
"version": "16.9.2h"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.1aE"
},
{
"status": "affected",
"version": "3.10.1sE"
},
{
"status": "affected",
"version": "16.12.1"
}
]
}
],
"datePublic": "2019-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T06:06:05.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
},
{
"name": "107612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107612"
}
],
"source": {
"advisory": "cisco-sa-20190327-cmp-dos",
"defect": [
[
"CSCvj25068",
"CSCvj25124"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1746",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.2.0SG"
},
{
"version_affected": "=",
"version_value": "3.2.1SG"
},
{
"version_affected": "=",
"version_value": "3.2.2SG"
},
{
"version_affected": "=",
"version_value": "3.2.3SG"
},
{
"version_affected": "=",
"version_value": "3.2.4SG"
},
{
"version_affected": "=",
"version_value": "3.2.5SG"
},
{
"version_affected": "=",
"version_value": "3.2.6SG"
},
{
"version_affected": "=",
"version_value": "3.2.7SG"
},
{
"version_affected": "=",
"version_value": "3.2.8SG"
},
{
"version_affected": "=",
"version_value": "3.2.9SG"
},
{
"version_affected": "=",
"version_value": "3.2.10SG"
},
{
"version_affected": "=",
"version_value": "3.2.11SG"
},
{
"version_affected": "=",
"version_value": "3.3.0SG"
},
{
"version_affected": "=",
"version_value": "3.3.2SG"
},
{
"version_affected": "=",
"version_value": "3.3.1SG"
},
{
"version_affected": "=",
"version_value": "3.3.0XO"
},
{
"version_affected": "=",
"version_value": "3.3.1XO"
},
{
"version_affected": "=",
"version_value": "3.3.2XO"
},
{
"version_affected": "=",
"version_value": "3.4.0SG"
},
{
"version_affected": "=",
"version_value": "3.4.2SG"
},
{
"version_affected": "=",
"version_value": "3.4.1SG"
},
{
"version_affected": "=",
"version_value": "3.4.3SG"
},
{
"version_affected": "=",
"version_value": "3.4.4SG"
},
{
"version_affected": "=",
"version_value": "3.4.5SG"
},
{
"version_affected": "=",
"version_value": "3.4.6SG"
},
{
"version_affected": "=",
"version_value": "3.4.7SG"
},
{
"version_affected": "=",
"version_value": "3.4.8SG"
},
{
"version_affected": "=",
"version_value": "3.5.0E"
},
{
"version_affected": "=",
"version_value": "3.5.1E"
},
{
"version_affected": "=",
"version_value": "3.5.2E"
},
{
"version_affected": "=",
"version_value": "3.5.3E"
},
{
"version_affected": "=",
"version_value": "3.10.4S"
},
{
"version_affected": "=",
"version_value": "3.12.0aS"
},
{
"version_affected": "=",
"version_value": "3.6.0E"
},
{
"version_affected": "=",
"version_value": "3.6.1E"
},
{
"version_affected": "=",
"version_value": "3.6.0aE"
},
{
"version_affected": "=",
"version_value": "3.6.0bE"
},
{
"version_affected": "=",
"version_value": "3.6.2aE"
},
{
"version_affected": "=",
"version_value": "3.6.2E"
},
{
"version_affected": "=",
"version_value": "3.6.3E"
},
{
"version_affected": "=",
"version_value": "3.6.4E"
},
{
"version_affected": "=",
"version_value": "3.6.5E"
},
{
"version_affected": "=",
"version_value": "3.6.6E"
},
{
"version_affected": "=",
"version_value": "3.6.5aE"
},
{
"version_affected": "=",
"version_value": "3.6.5bE"
},
{
"version_affected": "=",
"version_value": "3.6.7E"
},
{
"version_affected": "=",
"version_value": "3.6.8E"
},
{
"version_affected": "=",
"version_value": "3.6.7aE"
},
{
"version_affected": "=",
"version_value": "3.6.7bE"
},
{
"version_affected": "=",
"version_value": "3.6.9E"
},
{
"version_affected": "=",
"version_value": "3.6.10E"
},
{
"version_affected": "=",
"version_value": "3.3.0SQ"
},
{
"version_affected": "=",
"version_value": "3.3.1SQ"
},
{
"version_affected": "=",
"version_value": "3.4.0SQ"
},
{
"version_affected": "=",
"version_value": "3.4.1SQ"
},
{
"version_affected": "=",
"version_value": "3.7.0E"
},
{
"version_affected": "=",
"version_value": "3.7.1E"
},
{
"version_affected": "=",
"version_value": "3.7.2E"
},
{
"version_affected": "=",
"version_value": "3.7.3E"
},
{
"version_affected": "=",
"version_value": "3.7.4E"
},
{
"version_affected": "=",
"version_value": "3.7.5E"
},
{
"version_affected": "=",
"version_value": "3.5.0SQ"
},
{
"version_affected": "=",
"version_value": "3.5.1SQ"
},
{
"version_affected": "=",
"version_value": "3.5.2SQ"
},
{
"version_affected": "=",
"version_value": "3.5.3SQ"
},
{
"version_affected": "=",
"version_value": "3.5.4SQ"
},
{
"version_affected": "=",
"version_value": "3.5.5SQ"
},
{
"version_affected": "=",
"version_value": "3.5.6SQ"
},
{
"version_affected": "=",
"version_value": "3.5.7SQ"
},
{
"version_affected": "=",
"version_value": "3.5.8SQ"
},
{
"version_affected": "=",
"version_value": "3.16.1S"
},
{
"version_affected": "=",
"version_value": "3.16.0bS"
},
{
"version_affected": "=",
"version_value": "3.16.10S"
},
{
"version_affected": "=",
"version_value": "3.8.0E"
},
{
"version_affected": "=",
"version_value": "3.8.1E"
},
{
"version_affected": "=",
"version_value": "3.8.2E"
},
{
"version_affected": "=",
"version_value": "3.8.3E"
},
{
"version_affected": "=",
"version_value": "3.8.4E"
},
{
"version_affected": "=",
"version_value": "3.8.5E"
},
{
"version_affected": "=",
"version_value": "3.8.5aE"
},
{
"version_affected": "=",
"version_value": "3.8.6E"
},
{
"version_affected": "=",
"version_value": "3.8.7E"
},
{
"version_affected": "=",
"version_value": "3.9.0E"
},
{
"version_affected": "=",
"version_value": "3.9.1E"
},
{
"version_affected": "=",
"version_value": "3.9.2E"
},
{
"version_affected": "=",
"version_value": "3.9.2bE"
},
{
"version_affected": "=",
"version_value": "16.9.2h"
},
{
"version_affected": "=",
"version_value": "3.10.0E"
},
{
"version_affected": "=",
"version_value": "3.10.1E"
},
{
"version_affected": "=",
"version_value": "3.10.0cE"
},
{
"version_affected": "=",
"version_value": "3.10.1aE"
},
{
"version_affected": "=",
"version_value": "3.10.1sE"
},
{
"version_affected": "=",
"version_value": "16.12.1"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
},
{
"name": "107612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107612"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-cmp-dos",
"defect": [
[
"CSCvj25068",
"CSCvj25124"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1746",
"datePublished": "2019-03-27T23:45:13.618Z",
"dateReserved": "2018-12-06T00:00:00.000Z",
"dateUpdated": "2024-11-21T19:41:58.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos\", \"name\": \"20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/107612\", \"name\": \"107612\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T18:28:42.410Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-1746\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-21T18:59:52.919534Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-21T19:01:19.770Z\"}}], \"cna\": {\"title\": \"Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability\", \"source\": {\"defect\": [[\"CSCvj25068\", \"CSCvj25124\"]], \"advisory\": \"cisco-sa-20190327-cmp-dos\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 7.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS and IOS XE Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.2.0SG\"}, {\"status\": \"affected\", \"version\": \"3.2.1SG\"}, {\"status\": \"affected\", \"version\": \"3.2.2SG\"}, {\"status\": \"affected\", \"version\": \"3.2.3SG\"}, {\"status\": \"affected\", \"version\": \"3.2.4SG\"}, {\"status\": \"affected\", \"version\": \"3.2.5SG\"}, {\"status\": \"affected\", \"version\": \"3.2.6SG\"}, {\"status\": \"affected\", \"version\": \"3.2.7SG\"}, {\"status\": \"affected\", \"version\": \"3.2.8SG\"}, {\"status\": \"affected\", \"version\": \"3.2.9SG\"}, {\"status\": \"affected\", \"version\": \"3.2.10SG\"}, {\"status\": \"affected\", \"version\": \"3.2.11SG\"}, {\"status\": \"affected\", \"version\": \"3.3.0SG\"}, {\"status\": \"affected\", \"version\": \"3.3.2SG\"}, {\"status\": \"affected\", \"version\": \"3.3.1SG\"}, {\"status\": \"affected\", \"version\": \"3.3.0XO\"}, {\"status\": \"affected\", \"version\": \"3.3.1XO\"}, {\"status\": \"affected\", \"version\": \"3.3.2XO\"}, {\"status\": \"affected\", \"version\": \"3.4.0SG\"}, {\"status\": \"affected\", \"version\": \"3.4.2SG\"}, {\"status\": \"affected\", \"version\": \"3.4.1SG\"}, {\"status\": \"affected\", \"version\": \"3.4.3SG\"}, {\"status\": \"affected\", \"version\": \"3.4.4SG\"}, {\"status\": \"affected\", \"version\": \"3.4.5SG\"}, {\"status\": \"affected\", \"version\": \"3.4.6SG\"}, {\"status\": \"affected\", \"version\": \"3.4.7SG\"}, {\"status\": \"affected\", \"version\": \"3.4.8SG\"}, {\"status\": \"affected\", \"version\": \"3.5.0E\"}, {\"status\": \"affected\", \"version\": \"3.5.1E\"}, {\"status\": \"affected\", \"version\": \"3.5.2E\"}, {\"status\": \"affected\", \"version\": \"3.5.3E\"}, {\"status\": \"affected\", \"version\": \"3.10.4S\"}, {\"status\": \"affected\", \"version\": \"3.12.0aS\"}, {\"status\": \"affected\", \"version\": \"3.6.0E\"}, {\"status\": \"affected\", \"version\": \"3.6.1E\"}, {\"status\": \"affected\", \"version\": \"3.6.0aE\"}, {\"status\": \"affected\", \"version\": \"3.6.0bE\"}, {\"status\": \"affected\", \"version\": \"3.6.2aE\"}, {\"status\": \"affected\", \"version\": \"3.6.2E\"}, {\"status\": \"affected\", \"version\": \"3.6.3E\"}, {\"status\": \"affected\", \"version\": \"3.6.4E\"}, {\"status\": \"affected\", \"version\": \"3.6.5E\"}, {\"status\": \"affected\", \"version\": \"3.6.6E\"}, {\"status\": \"affected\", \"version\": \"3.6.5aE\"}, {\"status\": \"affected\", \"version\": \"3.6.5bE\"}, {\"status\": \"affected\", \"version\": \"3.6.7E\"}, {\"status\": \"affected\", \"version\": \"3.6.8E\"}, {\"status\": \"affected\", \"version\": \"3.6.7aE\"}, {\"status\": \"affected\", \"version\": \"3.6.7bE\"}, {\"status\": \"affected\", \"version\": \"3.6.9E\"}, {\"status\": \"affected\", \"version\": \"3.6.10E\"}, {\"status\": \"affected\", \"version\": \"3.3.0SQ\"}, {\"status\": \"affected\", \"version\": \"3.3.1SQ\"}, {\"status\": \"affected\", \"version\": \"3.4.0SQ\"}, {\"status\": \"affected\", \"version\": \"3.4.1SQ\"}, {\"status\": \"affected\", \"version\": \"3.7.0E\"}, {\"status\": \"affected\", \"version\": \"3.7.1E\"}, {\"status\": \"affected\", \"version\": \"3.7.2E\"}, {\"status\": \"affected\", \"version\": \"3.7.3E\"}, {\"status\": \"affected\", \"version\": \"3.7.4E\"}, {\"status\": \"affected\", \"version\": \"3.7.5E\"}, {\"status\": \"affected\", \"version\": \"3.5.0SQ\"}, {\"status\": \"affected\", \"version\": \"3.5.1SQ\"}, {\"status\": \"affected\", \"version\": \"3.5.2SQ\"}, {\"status\": \"affected\", \"version\": \"3.5.3SQ\"}, {\"status\": \"affected\", \"version\": \"3.5.4SQ\"}, {\"status\": \"affected\", \"version\": \"3.5.5SQ\"}, {\"status\": \"affected\", \"version\": \"3.5.6SQ\"}, {\"status\": \"affected\", \"version\": \"3.5.7SQ\"}, {\"status\": \"affected\", \"version\": \"3.5.8SQ\"}, {\"status\": \"affected\", \"version\": \"3.16.1S\"}, {\"status\": \"affected\", \"version\": \"3.16.0bS\"}, {\"status\": \"affected\", \"version\": \"3.16.10S\"}, {\"status\": \"affected\", \"version\": \"3.8.0E\"}, {\"status\": \"affected\", \"version\": \"3.8.1E\"}, {\"status\": \"affected\", \"version\": \"3.8.2E\"}, {\"status\": \"affected\", \"version\": \"3.8.3E\"}, {\"status\": \"affected\", \"version\": \"3.8.4E\"}, {\"status\": \"affected\", \"version\": \"3.8.5E\"}, {\"status\": \"affected\", \"version\": \"3.8.5aE\"}, {\"status\": \"affected\", \"version\": \"3.8.6E\"}, {\"status\": \"affected\", \"version\": \"3.8.7E\"}, {\"status\": \"affected\", \"version\": \"3.9.0E\"}, {\"status\": \"affected\", \"version\": \"3.9.1E\"}, {\"status\": \"affected\", \"version\": \"3.9.2E\"}, {\"status\": \"affected\", \"version\": \"3.9.2bE\"}, {\"status\": \"affected\", \"version\": \"16.9.2h\"}, {\"status\": \"affected\", \"version\": \"3.10.0E\"}, {\"status\": \"affected\", \"version\": \"3.10.1E\"}, {\"status\": \"affected\", \"version\": \"3.10.0cE\"}, {\"status\": \"affected\", \"version\": \"3.10.1aE\"}, {\"status\": \"affected\", \"version\": \"3.10.1sE\"}, {\"status\": \"affected\", \"version\": \"16.12.1\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2019-03-27T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos\", \"name\": \"20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"http://www.securityfocus.com/bid/107612\", \"name\": \"107612\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2019-03-29T06:06:05.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.4\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\"}}, \"source\": {\"defect\": [[\"CSCvj25068\", \"CSCvj25124\"]], \"advisory\": \"cisco-sa-20190327-cmp-dos\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"3.2.0SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.1SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.2SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.3SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.4SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.5SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.6SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.7SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.8SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.9SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.10SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.2.11SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.3.0SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.3.2SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.3.1SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.3.0XO\", \"version_affected\": \"=\"}, {\"version_value\": \"3.3.1XO\", \"version_affected\": \"=\"}, {\"version_value\": \"3.3.2XO\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.0SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.2SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.1SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.3SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.4SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.5SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.6SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.7SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.8SG\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.0E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.1E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.2E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.3E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.10.4S\", \"version_affected\": \"=\"}, {\"version_value\": \"3.12.0aS\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.0E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.1E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.0aE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.0bE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.2aE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.2E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.3E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.4E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.5E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.6E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.5aE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.5bE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.7E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.8E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.7aE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.7bE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.9E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.6.10E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.3.0SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.3.1SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.0SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.4.1SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.7.0E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.7.1E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.7.2E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.7.3E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.7.4E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.7.5E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.0SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.1SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.2SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.3SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.4SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.5SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.6SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.7SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.5.8SQ\", \"version_affected\": \"=\"}, {\"version_value\": \"3.16.1S\", \"version_affected\": \"=\"}, {\"version_value\": \"3.16.0bS\", \"version_affected\": \"=\"}, {\"version_value\": \"3.16.10S\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.0E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.1E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.2E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.3E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.4E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.5E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.5aE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.6E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.8.7E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.9.0E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.9.1E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.9.2E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.9.2bE\", \"version_affected\": \"=\"}, {\"version_value\": \"16.9.2h\", \"version_affected\": \"=\"}, {\"version_value\": \"3.10.0E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.10.1E\", \"version_affected\": \"=\"}, {\"version_value\": \"3.10.0cE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.10.1aE\", \"version_affected\": \"=\"}, {\"version_value\": \"3.10.1sE\", \"version_affected\": \"=\"}, {\"version_value\": \"16.12.1\", \"version_affected\": \"=\"}]}, \"product_name\": \"Cisco IOS and IOS XE Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos\", \"name\": \"20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability\", \"refsource\": \"CISCO\"}, {\"url\": \"http://www.securityfocus.com/bid/107612\", \"name\": \"107612\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-1746\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2019-03-27T16:00:00-0700\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2019-1746\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-21T19:41:58.266Z\", \"dateReserved\": \"2018-12-06T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2019-03-27T23:45:13.618Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…