CVE-2019-1814

Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability

Severity Score: 8.6 (CVSS v3.1)

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: Track (SSVC)

Descriptions

A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Changed; Confidentiality: None; Integrity: None; Availability: High
  • Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Changed; Confidentiality: None; Integrity: None; Availability: High
  • Attack Vector: Network; Attack Complexity: Low; Authentication: None; Confidentiality: None; Integrity: None; Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-05-15 CVE Published
  • 2024-10-05 EPSS Updated
  • 2024-11-21 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Cisco | Sf302-08pp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf302-08pp | - | - | Safe |
| Cisco | Sf302-08mpp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf302-08mpp | - | - | Safe |
| Cisco | Sg300-10pp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-10pp | - | - | Safe |
| Cisco | Sg300-10mpp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-10mpp | - | - | Safe |
| Cisco | Sf300-24pp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf300-24pp | - | - | Safe |
| Cisco | Sf300-48pp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf300-48pp | - | - | Safe |
| Cisco | Sg300-28pp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-28pp | - | - | Safe |
| Cisco | Sf300-08 Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf300-08 | - | - | Safe |
| Cisco | Sf300-48p Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf300-48p | - | - | Safe |
| Cisco | Sg300-10mp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-10mp | - | - | Safe |
| Cisco | Sg300-10p Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-10p | - | - | Safe |
| Cisco | Sg300-10 Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-10 | - | - | Safe |
| Cisco | Sg300-28p Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-28p | - | - | Safe |
| Cisco | Sf300-24p Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf300-24p | - | - | Safe |
| Cisco | Sf302-08mp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf302-08mp | - | - | Safe |
| Cisco | Sg300-28 Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-28 | - | - | Safe |
| Cisco | Sf300-48 Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf300-48 | - | - | Safe |
| Cisco | Sg300-20 Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-20 | - | - | Safe |
| Cisco | Sf302-08p Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf302-08p | - | - | Safe |
| Cisco | Sg300-52 Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-52 | - | - | Safe |
| Cisco | Sf300-24 Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf300-24 | - | - | Safe |
| Cisco | Sf302-08 Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf302-08 | - | - | Safe |
| Cisco | Sf300-24mp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sf300-24mp | - | - | Safe |
| Cisco | Sg300-10sfp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-10sfp | - | - | Safe |
| Cisco | Sg300-28mp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-28mp | - | - | Safe |
| Cisco | Sg300-52p Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-52p | - | - | Safe |
| Cisco | Sg300-52mp Firmware | < 1.4.10.6 | - | Affected |
| in Cisco | Sg300-52mp | - | - | Safe |