Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1750

A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Published

2019-03-28T00:29:00.747

Last Modified

2024-11-21T04:37:16.857

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.4 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:N/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-388

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	3.6.0ae	Yes
Operating System	cisco	ios_xe	3.6.0be	Yes
Operating System	cisco	ios_xe	3.6.0e	Yes
Operating System	cisco	ios_xe	3.6.1e	Yes
Operating System	cisco	ios_xe	3.6.2ae	Yes
Operating System	cisco	ios_xe	3.6.2e	Yes
Operating System	cisco	ios_xe	3.6.3e	Yes
Operating System	cisco	ios_xe	3.6.4e	Yes
Operating System	cisco	ios_xe	3.6.5ae	Yes
Operating System	cisco	ios_xe	3.6.5be	Yes
Operating System	cisco	ios_xe	3.6.5e	Yes
Operating System	cisco	ios_xe	3.6.6e	Yes
Operating System	cisco	ios_xe	3.6.7ae	Yes
Operating System	cisco	ios_xe	3.6.7be	Yes
Operating System	cisco	ios_xe	3.6.7e	Yes
Operating System	cisco	ios_xe	3.6.8e	Yes
Operating System	cisco	ios_xe	3.6.9e	Yes
Operating System	cisco	ios_xe	3.6.10e	Yes
Operating System	cisco	ios_xe	3.7.0e	Yes
Operating System	cisco	ios_xe	3.7.1e	Yes
Operating System	cisco	ios_xe	3.7.2e	Yes
Operating System	cisco	ios_xe	3.7.3e	Yes
Operating System	cisco	ios_xe	3.8.0e	Yes
Operating System	cisco	ios_xe	3.8.1e	Yes
Operating System	cisco	ios_xe	3.8.2e	Yes
Operating System	cisco	ios_xe	3.8.3e	Yes
Operating System	cisco	ios_xe	3.8.4e	Yes
Operating System	cisco	ios_xe	3.8.5ae	Yes
Operating System	cisco	ios_xe	3.8.5e	Yes
Operating System	cisco	ios_xe	3.8.6e	Yes
Operating System	cisco	ios_xe	3.8.7e	Yes
Operating System	cisco	ios_xe	3.9.0e	Yes
Operating System	cisco	ios_xe	3.9.1e	Yes
Operating System	cisco	ios_xe	3.9.2be	Yes
Operating System	cisco	ios_xe	3.9.2e	Yes
Operating System	cisco	ios_xe	3.10.0ce	Yes
Operating System	cisco	ios_xe	3.10.0e	Yes
Operating System	cisco	ios_xe	3.10.1ae	Yes
Operating System	cisco	ios_xe	3.10.1e	Yes
Operating System	cisco	ios_xe	3.10.1se	Yes
Operating System	cisco	ios_xe	3.10.2e	Yes
Operating System	cisco	ios_xe	16.9.2h	Yes

References

http://www.securityfocus.com/bid/107607 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-evss Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/107607 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-evss Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)