CVE-2019-1594
Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).
Una vulnerabilidad en la implementación 802.X en el software NX-OS de Cisco podría permitir a un atacante adyacente sin autenticar provocar una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a la validación incompleta del protocolo de autenticación extensible sobre tramas LAN (EAPOL). Un atacante podría explotarla enviando una trama EAPOL manipulada a una interfaz el dispositivo objetivo. Su explotación con éxito podría permitir que el atacante provoque el proceso de reenvío de la Capa 2 (L2) se reinicie múltiples veces, conduciendo al reinicio del sistema operativo del dispositivo y una condición de denegación de servicio (DoS). Nota: Esta vulnerabilidad solo afecta a los dispositivos NX-OS que estén configurados con la funcionalidad 802.1X. El switch de Cisco Nexus 1000V para los dispositivos de VMware vSphere se ve afectado en versiones anteriores a la 5.2(1)SV3(1.4b). Los switches de Nexus 3000 Series se ven afectados en versiones anteriores a la 7.0(3)I7(4). Los switches de Nexus 3500 Platform se ven afectados en versiones anteriores a la 7.0(3)I7(4). Los switches de Nexus, en sus series 2000, 5500, 5600 y 6000, se ven afectados en versiones anteriores a las 7.3(5)N1(1) y 7.1(5)N1(1b). Los switches de Nexus, en sus series 7000 y 7700, se ven afectados en versiones anteriores a la 8.2(3). Las versiones anteriores a la 13.2(1l) de Nexus 9000 Series Fabric Switches, en modo ACI, se ven afectadas. Las versiones anteriores a la 70(3)I7(4) de Nexus 9000 Series Switches, en modo NX-OS, se ven afectadas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-06 CVE Reserved
- 2019-03-06 CVE Published
- 2024-07-27 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/107325 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth | 2019-10-09 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 5.2\(1\)sv3\(1.4b\) Search vendor "Cisco" for product "Nx-os" and version " < 5.2\(1\)sv3\(1.4b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 1000v Search vendor "Cisco" for product "Nexus 1000v" | - | vmware_vsphere |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3000 Search vendor "Cisco" for product "Nexus 3000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3500 Search vendor "Cisco" for product "Nexus 3500" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 7.1\(5\)n1\(1b\) Search vendor "Cisco" for product "Nx-os" and version " < 7.1\(5\)n1\(1b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 2000 Search vendor "Cisco" for product "Nexus 2000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 7.1\(5\)n1\(1b\) Search vendor "Cisco" for product "Nx-os" and version " < 7.1\(5\)n1\(1b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5500 Search vendor "Cisco" for product "Nexus 5500" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 7.1\(5\)n1\(1b\) Search vendor "Cisco" for product "Nx-os" and version " < 7.1\(5\)n1\(1b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5600 Search vendor "Cisco" for product "Nexus 5600" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 7.1\(5\)n1\(1b\) Search vendor "Cisco" for product "Nx-os" and version " < 7.1\(5\)n1\(1b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 6000 Search vendor "Cisco" for product "Nexus 6000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 8.3 < 8.3\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 8.3 < 8.3\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7000 Search vendor "Cisco" for product "Nexus 7000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 8.3 < 8.3\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 8.3 < 8.3\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7700 Search vendor "Cisco" for product "Nexus 7700" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 13.2\(1l\) Search vendor "Cisco" for product "Nx-os" and version " < 13.2\(1l\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9000 Search vendor "Cisco" for product "Nexus 9000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9000 In Standalone Nx-os Mode Search vendor "Cisco" for product "Nexus 9000 In Standalone Nx-os Mode" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.2 < 7.3\(5\)n1\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(5\)n1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 2000 Search vendor "Cisco" for product "Nexus 2000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.2 < 7.3\(5\)n1\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(5\)n1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5500 Search vendor "Cisco" for product "Nexus 5500" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.2 < 7.3\(5\)n1\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(5\)n1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5600 Search vendor "Cisco" for product "Nexus 5600" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.2 < 7.3\(5\)n1\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(5\)n1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 6000 Search vendor "Cisco" for product "Nexus 6000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 8.0 < 8.2\(3\) Search vendor "Cisco" for product "Nx-os" and version " >= 8.0 < 8.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7000 Search vendor "Cisco" for product "Nexus 7000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 8.0 < 8.2\(3\) Search vendor "Cisco" for product "Nx-os" and version " >= 8.0 < 8.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7700 Search vendor "Cisco" for product "Nexus 7700" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.2 < 7.3\(3\)d1\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(3\)d1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7000 Search vendor "Cisco" for product "Nexus 7000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.2 < 7.3\(3\)d1\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 7.3\(3\)d1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7700 Search vendor "Cisco" for product "Nexus 7700" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 6.2 < 6.2\(20a\) Search vendor "Cisco" for product "Nx-os" and version " >= 6.2 < 6.2\(20a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7000 Search vendor "Cisco" for product "Nexus 7000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 6.2 < 6.2\(20a\) Search vendor "Cisco" for product "Nx-os" and version " >= 6.2 < 6.2\(20a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7700 Search vendor "Cisco" for product "Nexus 7700" | - | - |
Safe
|