CVE-2019-1869
Cisco StarOS Denial of Service Vulnerability
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability.
Una vulnerabilidad en la funcionalidad internal packet-processing del sistema operativo StarOS de Cisco que se ejecuta en plataformas virtuales podría permitir a un atacante remoto no autenticado hacer que un dispositivo afectado detenga el procesamiento del tráfico, resultando en una condición de denegación de servicio (DoS). Una vulnerabilidad es debido a un error lógico que puede ocurrir en condiciones de tráfico específicas. Un atacante podría explotar esta vulnerabilidad enviando una serie de paquetes creados a un dispositivo afectado. Una explotación con éxito podría permitir que el atacante impida que la interfaz de servicio destino reciba algún tráfico, lo que conllevaría a una condición DoS en la interfaz afectada. Es posible que el dispositivo tenga que volver a cargarse manualmente para recuperarse de la explotación de esta vulnerabilidad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-06-20 CVE Published
- 2024-11-10 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-824: Access of Uninitialized Pointer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108853 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.6 < 21.6.13 Search vendor "Cisco" for product "Staros" and version " >= 21.6 < 21.6.13" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5000 Search vendor "Cisco" for product "Asr 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.6 < 21.6.13 Search vendor "Cisco" for product "Staros" and version " >= 21.6 < 21.6.13" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.6 < 21.6.13 Search vendor "Cisco" for product "Staros" and version " >= 21.6 < 21.6.13" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.6b < 21.6b.16 Search vendor "Cisco" for product "Staros" and version " >= 21.6b < 21.6b.16" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5000 Search vendor "Cisco" for product "Asr 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.6b < 21.6b.16 Search vendor "Cisco" for product "Staros" and version " >= 21.6b < 21.6b.16" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.6b < 21.6b.16 Search vendor "Cisco" for product "Staros" and version " >= 21.6b < 21.6b.16" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.7 < 21.7.11 Search vendor "Cisco" for product "Staros" and version " >= 21.7 < 21.7.11" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5000 Search vendor "Cisco" for product "Asr 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.7 < 21.7.11 Search vendor "Cisco" for product "Staros" and version " >= 21.7 < 21.7.11" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.7 < 21.7.11 Search vendor "Cisco" for product "Staros" and version " >= 21.7 < 21.7.11" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.8 < 21.8.10 Search vendor "Cisco" for product "Staros" and version " >= 21.8 < 21.8.10" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5000 Search vendor "Cisco" for product "Asr 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.8 < 21.8.10 Search vendor "Cisco" for product "Staros" and version " >= 21.8 < 21.8.10" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.8 < 21.8.10 Search vendor "Cisco" for product "Staros" and version " >= 21.8 < 21.8.10" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.9 < 21.9.7 Search vendor "Cisco" for product "Staros" and version " >= 21.9 < 21.9.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5000 Search vendor "Cisco" for product "Asr 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.9 < 21.9.7 Search vendor "Cisco" for product "Staros" and version " >= 21.9 < 21.9.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.9 < 21.9.7 Search vendor "Cisco" for product "Staros" and version " >= 21.9 < 21.9.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.10 < 21.10.2 Search vendor "Cisco" for product "Staros" and version " >= 21.10 < 21.10.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5000 Search vendor "Cisco" for product "Asr 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.10 < 21.10.2 Search vendor "Cisco" for product "Staros" and version " >= 21.10 < 21.10.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.10 < 21.10.2 Search vendor "Cisco" for product "Staros" and version " >= 21.10 < 21.10.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.11 < 21.11.1 Search vendor "Cisco" for product "Staros" and version " >= 21.11 < 21.11.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5000 Search vendor "Cisco" for product "Asr 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.11 < 21.11.1 Search vendor "Cisco" for product "Staros" and version " >= 21.11 < 21.11.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.11 < 21.11.1 Search vendor "Cisco" for product "Staros" and version " >= 21.11 < 21.11.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|