CVE-2019-1616
Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in process crashes and a DoS condition on the device. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25), 8.1(1b), 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5) Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). UCS 6200, 6300, and 6400 Fabric Interconnects are affected running software versions prior to 3.2(3j) and 4.0(2a).
Una vulnerabilidad en el componente Cisco Fabric Services del software NX-OS de Cisco podría permitir a un atacante remoto no autenticado provocar un desbordamiento de búfer, conduciendo a una condición de denegación de servicio (DoS). Esta vulnerabilidad se debe a una validación insuficiente de paquetes de Cisco Fabric Services. Un atacante podría explotar esta vulnerabilidad enviando un paquete Cisco Fabric Services manipulado a un dispositivo afectado. Un exploit con éxito podría permitir al atacante provocar un desbordamiento de búfer, conduciendo a cierres de procesos y una condición de denegación de servicio (DoS). Los switches de MDS 9000 Series Multilayer se ven afectados en versiones anteriores a 6.25(25), 8.1(1b) y 8.3(1). Los switches de Nexus 3000 Series se ven afectados en versiones de software anteriores a las 7.0(3)I4(9) y 7.0(3)I7(4). Los switches de Nexus 3500 Platform Series se ven afectados en versiones de software anteriores a las 6.0(2)A8(10) y 7.0(3)I7(4). Los switches de Nexus 3600, se ven afectados en versiones anteriores a las 7.0(3)F3(5) y los switches de Nexus de la series 7000 y 7700 se ven afectados en versiones anteriores a las 6.2(22) y 8.2(3). Los switches de Nexus 9000 en modo Standalone NX-OS se ven afectados en versiones de software anteriores a las 7.0(3)I4(9) y 7.0(3)I7(4). Los switches de 9500 R-Series Line Cards y Fabric Modules se ven afectados en versiones anteriores a la 7.0(3)F3(5). UCS 6200, 6300 y 6400 Series Fabric Interconnect se ven afectados en versiones anteriores a las 3.2(3j) y 4.0(2a).
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2018-12-06 CVE Reserved
- 2019-03-11 CVE Published
- 2024-07-27 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107395 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 8.2 < 8.3\(1\) Search vendor "Cisco" for product "Nx-os" and version " >= 8.2 < 8.3\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Mds 9000 Search vendor "Cisco" for product "Mds 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\) < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\) < 7.0\(3\)i7\(4\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3500 Search vendor "Cisco" for product "Nexus 3500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\)i5 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i5 < 7.0\(3\)i7\(4\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3000 Search vendor "Cisco" for product "Nexus 3000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\)f3 < 7.0\(3\)f3\(3c\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)f3 < 7.0\(3\)f3\(3c\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3600 Search vendor "Cisco" for product "Nexus 3600" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.2 < 8.2\(3\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 8.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7000 Search vendor "Cisco" for product "Nexus 7000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.2 < 8.2\(3\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.2 < 8.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7700 Search vendor "Cisco" for product "Nexus 7700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\)i5 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i5 < 7.0\(3\)i7\(4\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9000 Search vendor "Cisco" for product "Nexus 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\)f1 < 7.0\(3\)f3\(3c\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)f1 < 7.0\(3\)f3\(3c\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9500 Search vendor "Cisco" for product "Nexus 9500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.3 < 8.1\(1b\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.3 < 8.1\(1b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Mds 9000 Search vendor "Cisco" for product "Mds 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 5.2 < 6.2\(25\) Search vendor "Cisco" for product "Nx-os" and version " >= 5.2 < 6.2\(25\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Mds 9000 Search vendor "Cisco" for product "Mds 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 7.0\(3\)i4 < 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i4 < 7.0\(3\)i4\(9\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3000 Search vendor "Cisco" for product "Nexus 3000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 6.2 < 6.2\(22\) Search vendor "Cisco" for product "Nx-os" and version " >= 6.2 < 6.2\(22\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7000 Search vendor "Cisco" for product "Nexus 7000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 6.2 < 6.2\(22\) Search vendor "Cisco" for product "Nx-os" and version " >= 6.2 < 6.2\(22\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7700 Search vendor "Cisco" for product "Nexus 7700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 6.2\(22\) Search vendor "Cisco" for product "Nx-os" and version " < 6.2\(22\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7000 Search vendor "Cisco" for product "Nexus 7000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 6.2\(22\) Search vendor "Cisco" for product "Nx-os" and version " < 6.2\(22\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7700 Search vendor "Cisco" for product "Nexus 7700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9000 Search vendor "Cisco" for product "Nexus 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 6.0\(2\)a8 < 6.0\(2\)a8\(10\) Search vendor "Cisco" for product "Nx-os" and version " >= 6.0\(2\)a8 < 6.0\(2\)a8\(10\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3500 Search vendor "Cisco" for product "Nexus 3500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | <= 6.0\(2\)a8 Search vendor "Cisco" for product "Nx-os" and version " <= 6.0\(2\)a8" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3500 Search vendor "Cisco" for product "Nexus 3500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | <= 7.0\(3\)i4 Search vendor "Cisco" for product "Nx-os" and version " <= 7.0\(3\)i4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3000 Search vendor "Cisco" for product "Nexus 3000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 4.0 < 4.0\(2a\) Search vendor "Cisco" for product "Nx-os" and version " >= 4.0 < 4.0\(2a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs 6200 Search vendor "Cisco" for product "Ucs 6200" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 4.0 < 4.0\(2a\) Search vendor "Cisco" for product "Nx-os" and version " >= 4.0 < 4.0\(2a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs 6300 Search vendor "Cisco" for product "Ucs 6300" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | >= 4.0 < 4.0\(2a\) Search vendor "Cisco" for product "Nx-os" and version " >= 4.0 < 4.0\(2a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs 6400 Search vendor "Cisco" for product "Ucs 6400" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 3.2\(3j\) Search vendor "Cisco" for product "Nx-os" and version " < 3.2\(3j\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs 6200 Search vendor "Cisco" for product "Ucs 6200" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 3.2\(3j\) Search vendor "Cisco" for product "Nx-os" and version " < 3.2\(3j\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs 6300 Search vendor "Cisco" for product "Ucs 6300" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | < 3.2\(3j\) Search vendor "Cisco" for product "Nx-os" and version " < 3.2\(3j\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs 6400 Search vendor "Cisco" for product "Ucs 6400" | - | - |
Safe
|