Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1869

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability.

Published

2019-06-20T03:15:11.993

Last Modified

2024-11-21T04:37:34.670

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-824
  • Type: Primary
    CWE-824
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco staros < 21.6.13 Yes
Operating System cisco staros < 21.6b.16 Yes
Operating System cisco staros < 21.7.11 Yes
Operating System cisco staros < 21.8.10 Yes
Operating System cisco staros < 21.9.7 Yes
Operating System cisco staros < 21.10.2 Yes
Operating System cisco staros < 21.11.1 Yes
Hardware cisco asr_5000 - No
Hardware cisco asr_5500 - No
Hardware cisco asr_5700 - No
References