CVE-2019-1901

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release.

CVSS v3 8.8 HIGH
CVSS v2.0 8.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93128tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_9332pq:-:::::::*
	cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9336pq:-:::::::*
	cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::*
	cpe:2.3:h:cisco:nexus_9364c:-:::::::*
	cpe:2.3:h:cisco:nexus_9372px:-:::::::*
	cpe:2.3:h:cisco:nexus_9372px-e:-:::::::*
	cpe:2.3:h:cisco:nexus_9372tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9372tx-e:-:::::::*
	cpe:2.3:h:cisco:nexus_9396px:-:::::::*
	cpe:2.3:h:cisco:nexus_9396tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9504:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*
	cpe:2.3:h:cisco:nexus_9516:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9332c:-:::::::*

History

21 Nov 2024, 04:37

Type	Values Removed	Values Added
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo - Vendor Advisory

Information

Published : 2019-07-31 18:15

Updated : 2024-11-21 04:37

NVD link : CVE-2019-1901

Mitre link : CVE-2019-1901

CVE.ORG link : CVE-2019-1901

JSON object : View

Products Affected

cisco

nexus_9372tx-e
nexus_9332pq
nexus_93120tx
nx-os
nexus_9348gc-fxp
nexus_9396tx
nexus_93108tc-fx
nexus_9336c-fx2
nexus_9396px
nexus_93180yc-ex
nexus_9504
nexus_93240yc-fx2
nexus_93108tc-ex
nexus_9372tx
nexus_9364c
nexus_93180lc-ex
nexus_93128tx
nexus_9336pq
nexus_93180yc-fx
nexus_9508
nexus_9372px
nexus_9332c
nexus_9372px-e
nexus_9516

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2019-1901", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-07-31T18:15:11.050", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release."}, {"lang": "es", "value": "Una vulnerabilidad en el subsistema de protocolo de descubrimiento de capa de enlace (LLDP) del software de cambio de modo de infraestructura centrada en aplicaciones (ACI) de Cisco Nexus serie 9000 podr\u00eda permitir que un atacante adyacente no autenticado cause una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o ejecute c\u00f3digo arbitrario con privilegios de root . La vulnerabilidad se debe a una validaci\u00f3n de entrada incorrecta de ciertos campos de tipo, longitud, valor (TLV) del encabezado de trama LLDP. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un paquete LLDP dise\u00f1ado al dispositivo de destino. Una explotaci\u00f3n con \u00e9xito puede conducir a una condici\u00f3n de desbordamiento del b\u00fafer que podr\u00eda causar una condici\u00f3n DoS o permitir al atacante ejecutar c\u00f3digo arbitrario con privilegios de root. Nota: Esta vulnerabilidad no puede ser explotada por el tr\u00e1fico de tr\u00e1nsito a trav\u00e9s del dispositivo; el paquete especialmente dise\u00f1ado debe estar dirigido a una interfaz conectada directamente. Esta vulnerabilidad afecta a los conmutadores Fabric Cisco Nexus serie 9000 en modo ACI si est\u00e1n ejecutando una versi\u00f3n del software del conmutador de modo Cisco Nexus serie 9000 ACI anterior a 13.2 (7f) o cualquier versi\u00f3n 14.x."}], "lastModified": "2024-11-21T04:37:39.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE0577E5-76EB-49BD-82D3-CFB7A11C3A29", "versionEndExcluding": "13.2\\(7f\\)"}, {"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26F76B6B-58CD-4FF5-9DFC-601377014C9F", "versionEndIncluding": "14.1\\(2g\\)", "versionStartIncluding": "14.0\\(1h\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901"}, {"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9"}, {"criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D"}, {"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730"}, {"criteria": "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F1127D2-12C0-454F-91EF-5EE334070D06"}, {"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9"}, {"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF"}, {"criteria": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B53BCB42-ED61-4FCF-8068-CB467631C63C"}, {"criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F"}, {"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "489D11EC-5A18-4F32-BC7C-AC1FCEC27222"}, {"criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD"}, {"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A"}, {"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1"}, {"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6"}, {"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26F76B6B-58CD-4FF5-9DFC-601377014C9F", "versionEndIncluding": "14.1\\(2g\\)", "versionStartIncluding": "14.0\\(1h\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5"}, {"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}

8.8 /10