CVE-2019-1750
Cisco IOS XE Software Catalyst 4500 Cisco Discovery Protocol Denial of Service Vulnerability
Severity Score
7.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An attacker could exploit this vulnerability by sending a specially crafted CDP packet. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
Una vulnerabilidad en el VSS (Easy Virtual Switching System) del software Cisco IOS XE en los switches Catalyst 4500 Series podría permitir que un atacante adyacente no autenticado provoque la recarga de los switches. La vulnerabilidad se debe a la gestión incompleta de errores al procesar paquetes CDP (Cisco Discovery Protocol) empleados en el VSS. Un atacante podría explotar esta vulnerabilidad enviando un paquete CDP especialmente manipulado. Su explotación podría permitir que el atacante consiga que el dispositivo se reinicie, provocando una denegación de servicio (DoS).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-03-27 CVE Published
- 2024-08-17 EPSS Updated
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-388: 7PK - Errors
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107607 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-evss | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.0ae Search vendor "Cisco" for product "Ios Xe" and version "3.6.0ae" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.0be Search vendor "Cisco" for product "Ios Xe" and version "3.6.0be" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.0e Search vendor "Cisco" for product "Ios Xe" and version "3.6.0e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.1e Search vendor "Cisco" for product "Ios Xe" and version "3.6.1e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.2ae Search vendor "Cisco" for product "Ios Xe" and version "3.6.2ae" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.2e Search vendor "Cisco" for product "Ios Xe" and version "3.6.2e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.3e Search vendor "Cisco" for product "Ios Xe" and version "3.6.3e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.4e Search vendor "Cisco" for product "Ios Xe" and version "3.6.4e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.5ae Search vendor "Cisco" for product "Ios Xe" and version "3.6.5ae" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.5be Search vendor "Cisco" for product "Ios Xe" and version "3.6.5be" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.5e Search vendor "Cisco" for product "Ios Xe" and version "3.6.5e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.6e Search vendor "Cisco" for product "Ios Xe" and version "3.6.6e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.7ae Search vendor "Cisco" for product "Ios Xe" and version "3.6.7ae" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.7be Search vendor "Cisco" for product "Ios Xe" and version "3.6.7be" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.7e Search vendor "Cisco" for product "Ios Xe" and version "3.6.7e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.8e Search vendor "Cisco" for product "Ios Xe" and version "3.6.8e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.9e Search vendor "Cisco" for product "Ios Xe" and version "3.6.9e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.10e Search vendor "Cisco" for product "Ios Xe" and version "3.6.10e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.7.0e Search vendor "Cisco" for product "Ios Xe" and version "3.7.0e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.7.1e Search vendor "Cisco" for product "Ios Xe" and version "3.7.1e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.7.2e Search vendor "Cisco" for product "Ios Xe" and version "3.7.2e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.7.3e Search vendor "Cisco" for product "Ios Xe" and version "3.7.3e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.0e Search vendor "Cisco" for product "Ios Xe" and version "3.8.0e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.1e Search vendor "Cisco" for product "Ios Xe" and version "3.8.1e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.2e Search vendor "Cisco" for product "Ios Xe" and version "3.8.2e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.3e Search vendor "Cisco" for product "Ios Xe" and version "3.8.3e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.4e Search vendor "Cisco" for product "Ios Xe" and version "3.8.4e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.5ae Search vendor "Cisco" for product "Ios Xe" and version "3.8.5ae" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.5e Search vendor "Cisco" for product "Ios Xe" and version "3.8.5e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.6e Search vendor "Cisco" for product "Ios Xe" and version "3.8.6e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.8.7e Search vendor "Cisco" for product "Ios Xe" and version "3.8.7e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.9.0e Search vendor "Cisco" for product "Ios Xe" and version "3.9.0e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.9.1e Search vendor "Cisco" for product "Ios Xe" and version "3.9.1e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.9.2be Search vendor "Cisco" for product "Ios Xe" and version "3.9.2be" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.9.2e Search vendor "Cisco" for product "Ios Xe" and version "3.9.2e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.10.0ce Search vendor "Cisco" for product "Ios Xe" and version "3.10.0ce" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.10.0e Search vendor "Cisco" for product "Ios Xe" and version "3.10.0e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.10.1ae Search vendor "Cisco" for product "Ios Xe" and version "3.10.1ae" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.10.1e Search vendor "Cisco" for product "Ios Xe" and version "3.10.1e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.10.1se Search vendor "Cisco" for product "Ios Xe" and version "3.10.1se" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.10.2e Search vendor "Cisco" for product "Ios Xe" and version "3.10.2e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.2h Search vendor "Cisco" for product "Ios Xe" and version "16.9.2h" | - |
Affected
| ||||||