CVE-2019-1814
Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability
Severity Score
8.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.
Una vulnerabilidad en las interacciones entre las funciones DHCP y TFTP para Cisco Small Business 300 Series (Sx300) Managed Switches, podría permitir que un atacante remoto no autenticado cause que el dispositivo tenga una disminución sobre la memoria del sistema, que a su vez podría generar una recarga inesperada de el dispositivo resultando en una condición de denegación de servicio (DoS) en el dispositivo afectado. La vulnerabilidad se debe a un error al liberar la memoria del sistema cuando una solicitud DHCP inesperada es recibida. Un atacante podría aprovechar esta vulnerabilidad enviando un paquete DHCP creado para el dispositivo de destino. Un aprovechamiento exitoso podría permitir al atacante provocar una recarga inesperada del dispositivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-05-15 CVE Published
- 2024-10-05 EPSS Updated
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108344 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Sf302-08pp Firmware Search vendor "Cisco" for product "Sf302-08pp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf302-08pp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf302-08pp Search vendor "Cisco" for product "Sf302-08pp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf302-08mpp Firmware Search vendor "Cisco" for product "Sf302-08mpp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf302-08mpp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf302-08mpp Search vendor "Cisco" for product "Sf302-08mpp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-10pp Firmware Search vendor "Cisco" for product "Sg300-10pp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-10pp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-10pp Search vendor "Cisco" for product "Sg300-10pp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-10mpp Firmware Search vendor "Cisco" for product "Sg300-10mpp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-10mpp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-10mpp Search vendor "Cisco" for product "Sg300-10mpp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf300-24pp Firmware Search vendor "Cisco" for product "Sf300-24pp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf300-24pp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf300-24pp Search vendor "Cisco" for product "Sf300-24pp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf300-48pp Firmware Search vendor "Cisco" for product "Sf300-48pp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf300-48pp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf300-48pp Search vendor "Cisco" for product "Sf300-48pp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-28pp Firmware Search vendor "Cisco" for product "Sg300-28pp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-28pp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-28pp Search vendor "Cisco" for product "Sg300-28pp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf300-08 Firmware Search vendor "Cisco" for product "Sf300-08 Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf300-08 Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf300-08 Search vendor "Cisco" for product "Sf300-08" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf300-48p Firmware Search vendor "Cisco" for product "Sf300-48p Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf300-48p Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf300-48p Search vendor "Cisco" for product "Sf300-48p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-10mp Firmware Search vendor "Cisco" for product "Sg300-10mp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-10mp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-10mp Search vendor "Cisco" for product "Sg300-10mp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-10p Firmware Search vendor "Cisco" for product "Sg300-10p Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-10p Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-10p Search vendor "Cisco" for product "Sg300-10p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-10 Firmware Search vendor "Cisco" for product "Sg300-10 Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-10 Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-10 Search vendor "Cisco" for product "Sg300-10" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-28p Firmware Search vendor "Cisco" for product "Sg300-28p Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-28p Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-28p Search vendor "Cisco" for product "Sg300-28p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf300-24p Firmware Search vendor "Cisco" for product "Sf300-24p Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf300-24p Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf300-24p Search vendor "Cisco" for product "Sf300-24p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf302-08mp Firmware Search vendor "Cisco" for product "Sf302-08mp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf302-08mp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf302-08mp Search vendor "Cisco" for product "Sf302-08mp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-28 Firmware Search vendor "Cisco" for product "Sg300-28 Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-28 Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-28 Search vendor "Cisco" for product "Sg300-28" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf300-48 Firmware Search vendor "Cisco" for product "Sf300-48 Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf300-48 Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf300-48 Search vendor "Cisco" for product "Sf300-48" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-20 Firmware Search vendor "Cisco" for product "Sg300-20 Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-20 Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-20 Search vendor "Cisco" for product "Sg300-20" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf302-08p Firmware Search vendor "Cisco" for product "Sf302-08p Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf302-08p Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf302-08p Search vendor "Cisco" for product "Sf302-08p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-52 Firmware Search vendor "Cisco" for product "Sg300-52 Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-52 Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-52 Search vendor "Cisco" for product "Sg300-52" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf300-24 Firmware Search vendor "Cisco" for product "Sf300-24 Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf300-24 Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf300-24 Search vendor "Cisco" for product "Sf300-24" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf302-08 Firmware Search vendor "Cisco" for product "Sf302-08 Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf302-08 Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf302-08 Search vendor "Cisco" for product "Sf302-08" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sf300-24mp Firmware Search vendor "Cisco" for product "Sf300-24mp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sf300-24mp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sf300-24mp Search vendor "Cisco" for product "Sf300-24mp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-10sfp Firmware Search vendor "Cisco" for product "Sg300-10sfp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-10sfp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-10sfp Search vendor "Cisco" for product "Sg300-10sfp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-28mp Firmware Search vendor "Cisco" for product "Sg300-28mp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-28mp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-28mp Search vendor "Cisco" for product "Sg300-28mp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-52p Firmware Search vendor "Cisco" for product "Sg300-52p Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-52p Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-52p Search vendor "Cisco" for product "Sg300-52p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sg300-52mp Firmware Search vendor "Cisco" for product "Sg300-52mp Firmware" | < 1.4.10.6 Search vendor "Cisco" for product "Sg300-52mp Firmware" and version " < 1.4.10.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Sg300-52mp Search vendor "Cisco" for product "Sg300-52mp" | - | - |
Safe
|