// For flags

CVE-2019-1594

Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability

Severity Score

7.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).

Una vulnerabilidad en la implementación 802.X en el software NX-OS de Cisco podría permitir a un atacante adyacente sin autenticar provocar una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a la validación incompleta del protocolo de autenticación extensible sobre tramas LAN (EAPOL). Un atacante podría explotarla enviando una trama EAPOL manipulada a una interfaz el dispositivo objetivo. Su explotación con éxito podría permitir que el atacante provoque el proceso de reenvío de la Capa 2 (L2) se reinicie múltiples veces, conduciendo al reinicio del sistema operativo del dispositivo y una condición de denegación de servicio (DoS). Nota: Esta vulnerabilidad solo afecta a los dispositivos NX-OS que estén configurados con la funcionalidad 802.1X. El switch de Cisco Nexus 1000V para los dispositivos de VMware vSphere se ve afectado en versiones anteriores a la 5.2(1)SV3(1.4b). Los switches de Nexus 3000 Series se ven afectados en versiones anteriores a la 7.0(3)I7(4). Los switches de Nexus 3500 Platform se ven afectados en versiones anteriores a la 7.0(3)I7(4). Los switches de Nexus, en sus series 2000, 5500, 5600 y 6000, se ven afectados en versiones anteriores a las 7.3(5)N1(1) y 7.1(5)N1(1b). Los switches de Nexus, en sus series 7000 y 7700, se ven afectados en versiones anteriores a la 8.2(3). Las versiones anteriores a la 13.2(1l) de Nexus 9000 Series Fabric Switches, en modo ACI, se ven afectadas. Las versiones anteriores a la 70(3)I7(4) de Nexus 9000 Series Switches, en modo NX-OS, se ven afectadas.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-03-06 CVE Published
  • 2024-07-27 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
< 5.2\(1\)sv3\(1.4b\)
Search vendor "Cisco" for product "Nx-os" and version " < 5.2\(1\)sv3\(1.4b\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 1000v
Search vendor "Cisco" for product "Nexus 1000v"
-vmware_vsphere
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 3000
Search vendor "Cisco" for product "Nexus 3000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 3500
Search vendor "Cisco" for product "Nexus 3500"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
< 7.1\(5\)n1\(1b\)
Search vendor "Cisco" for product "Nx-os" and version " < 7.1\(5\)n1\(1b\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 2000
Search vendor "Cisco" for product "Nexus 2000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
< 7.1\(5\)n1\(1b\)
Search vendor "Cisco" for product "Nx-os" and version " < 7.1\(5\)n1\(1b\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 5500
Search vendor "Cisco" for product "Nexus 5500"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
< 7.1\(5\)n1\(1b\)
Search vendor "Cisco" for product "Nx-os" and version " < 7.1\(5\)n1\(1b\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 5600
Search vendor "Cisco" for product "Nexus 5600"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
< 7.1\(5\)n1\(1b\)
Search vendor "Cisco" for product "Nx-os" and version " < 7.1\(5\)n1\(1b\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 6000
Search vendor "Cisco" for product "Nexus 6000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 8.3 < 8.3\(1\)
Search vendor "Cisco" for product "Nx-os" and version " >= 8.3 < 8.3\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 7000
Search vendor "Cisco" for product "Nexus 7000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 8.3 < 8.3\(1\)
Search vendor "Cisco" for product "Nx-os" and version " >= 8.3 < 8.3\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 7700
Search vendor "Cisco" for product "Nexus 7700"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
< 13.2\(1l\)
Search vendor "Cisco" for product "Nx-os" and version " < 13.2\(1l\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9000
Search vendor "Cisco" for product "Nexus 9000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9000 In Standalone Nx-os Mode
Search vendor "Cisco" for product "Nexus 9000 In Standalone Nx-os Mode"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.2 < 7.3\(5\)n1\(1\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(5\)n1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 2000
Search vendor "Cisco" for product "Nexus 2000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.2 < 7.3\(5\)n1\(1\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(5\)n1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 5500
Search vendor "Cisco" for product "Nexus 5500"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.2 < 7.3\(5\)n1\(1\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(5\)n1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 5600
Search vendor "Cisco" for product "Nexus 5600"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.2 < 7.3\(5\)n1\(1\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(5\)n1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 6000
Search vendor "Cisco" for product "Nexus 6000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 8.0 < 8.2\(3\)
Search vendor "Cisco" for product "Nx-os" and version " >= 8.0 < 8.2\(3\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 7000
Search vendor "Cisco" for product "Nexus 7000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 8.0 < 8.2\(3\)
Search vendor "Cisco" for product "Nx-os" and version " >= 8.0 < 8.2\(3\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 7700
Search vendor "Cisco" for product "Nexus 7700"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.2 < 7.3\(3\)d1\(1\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(3\)d1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 7000
Search vendor "Cisco" for product "Nexus 7000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 7.2 < 7.3\(3\)d1\(1\)
Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(3\)d1\(1\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 7700
Search vendor "Cisco" for product "Nexus 7700"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 6.2 < 6.2\(20a\)
Search vendor "Cisco" for product "Nx-os" and version " >= 6.2 < 6.2\(20a\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 7000
Search vendor "Cisco" for product "Nexus 7000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
>= 6.2 < 6.2\(20a\)
Search vendor "Cisco" for product "Nx-os" and version " >= 6.2 < 6.2\(20a\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 7700
Search vendor "Cisco" for product "Nexus 7700"
--
Safe