CVE-2019-1746 (GCVE-0-2019-1746)

Vulnerability from cvelistv5 – Published: 2019-03-27 23:45 – Updated: 2024-11-21 19:41
Title
Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
Summary
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.
CWE
CWE-20
Assigner
cisco
References
https://tools.cisco.com/security/center/content/C… (vendor-advisory, x_refsource_CISCO)
http://www.securityfocus.com/bid/107612 (vdb-entry, x_refsource_BID)
Impacted products
Vendor: Cisco
Product: Cisco IOS and IOS XE Software
Version:
Affected: 3.2.0SG
Affected: 3.2.1SG
Affected: 3.2.2SG
Affected: 3.2.3SG
Affected: 3.2.4SG
Affected: 3.2.5SG
Affected: 3.2.6SG
Affected: 3.2.7SG
Affected: 3.2.8SG
Affected: 3.2.9SG
Affected: 3.2.10SG
Affected: 3.2.11SG
Affected: 3.3.0SG
Affected: 3.3.2SG
Affected: 3.3.1SG
Affected: 3.3.0XO
Affected: 3.3.1XO
Affected: 3.3.2XO
Affected: 3.4.0SG
Affected: 3.4.2SG
Affected: 3.4.1SG
Affected: 3.4.3SG
Affected: 3.4.4SG
Affected: 3.4.5SG
Affected: 3.4.6SG
Affected: 3.4.7SG
Affected: 3.4.8SG
Affected: 3.5.0E
Affected: 3.5.1E
Affected: 3.5.2E
Affected: 3.5.3E
Affected: 3.10.4S
Affected: 3.12.0aS
Affected: 3.6.0E
Affected: 3.6.1E
Affected: 3.6.0aE
Affected: 3.6.0bE
Affected: 3.6.2aE
Affected: 3.6.2E
Affected: 3.6.3E
Affected: 3.6.4E
Affected: 3.6.5E
Affected: 3.6.6E
Affected: 3.6.5aE
Affected: 3.6.5bE
Affected: 3.6.7E
Affected: 3.6.8E
Affected: 3.6.7aE
Affected: 3.6.7bE
Affected: 3.6.9E
Affected: 3.6.10E
Affected: 3.3.0SQ
Affected: 3.3.1SQ
Affected: 3.4.0SQ
Affected: 3.4.1SQ
Affected: 3.7.0E
Affected: 3.7.1E
Affected: 3.7.2E
Affected: 3.7.3E
Affected: 3.7.4E
Affected: 3.7.5E
Affected: 3.5.0SQ
Affected: 3.5.1SQ
Affected: 3.5.2SQ
Affected: 3.5.3SQ
Affected: 3.5.4SQ
Affected: 3.5.5SQ
Affected: 3.5.6SQ
Affected: 3.5.7SQ
Affected: 3.5.8SQ
Affected: 3.16.1S
Affected: 3.16.0bS
Affected: 3.16.10S
Affected: 3.8.0E
Affected: 3.8.1E
Affected: 3.8.2E
Affected: 3.8.3E
Affected: 3.8.4E
Affected: 3.8.5E
Affected: 3.8.5aE
Affected: 3.8.6E
Affected: 3.8.7E
Affected: 3.9.0E
Affected: 3.9.1E
Affected: 3.9.2E
Affected: 3.9.2bE
Affected: 16.9.2h
Affected: 3.10.0E
Affected: 3.10.1E
Affected: 3.10.0cE
Affected: 3.10.1aE
Affected: 3.10.1sE
Affected: 16.12.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
          },
          {
            "name": "107612",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107612"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T18:59:52.919534Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:41:58.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS and IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.0SG"
            },
            {
              "status": "affected",
              "version": "3.2.1SG"
            },
            {
              "status": "affected",
              "version": "3.2.2SG"
            },
            {
              "status": "affected",
              "version": "3.2.3SG"
            },
            {
              "status": "affected",
              "version": "3.2.4SG"
            },
            {
              "status": "affected",
              "version": "3.2.5SG"
            },
            {
              "status": "affected",
              "version": "3.2.6SG"
            },
            {
              "status": "affected",
              "version": "3.2.7SG"
            },
            {
              "status": "affected",
              "version": "3.2.8SG"
            },
            {
              "status": "affected",
              "version": "3.2.9SG"
            },
            {
              "status": "affected",
              "version": "3.2.10SG"
            },
            {
              "status": "affected",
              "version": "3.2.11SG"
            },
            {
              "status": "affected",
              "version": "3.3.0SG"
            },
            {
              "status": "affected",
              "version": "3.3.2SG"
            },
            {
              "status": "affected",
              "version": "3.3.1SG"
            },
            {
              "status": "affected",
              "version": "3.3.0XO"
            },
            {
              "status": "affected",
              "version": "3.3.1XO"
            },
            {
              "status": "affected",
              "version": "3.3.2XO"
            },
            {
              "status": "affected",
              "version": "3.4.0SG"
            },
            {
              "status": "affected",
              "version": "3.4.2SG"
            },
            {
              "status": "affected",
              "version": "3.4.1SG"
            },
            {
              "status": "affected",
              "version": "3.4.3SG"
            },
            {
              "status": "affected",
              "version": "3.4.4SG"
            },
            {
              "status": "affected",
              "version": "3.4.5SG"
            },
            {
              "status": "affected",
              "version": "3.4.6SG"
            },
            {
              "status": "affected",
              "version": "3.4.7SG"
            },
            {
              "status": "affected",
              "version": "3.4.8SG"
            },
            {
              "status": "affected",
              "version": "3.5.0E"
            },
            {
              "status": "affected",
              "version": "3.5.1E"
            },
            {
              "status": "affected",
              "version": "3.5.2E"
            },
            {
              "status": "affected",
              "version": "3.5.3E"
            },
            {
              "status": "affected",
              "version": "3.10.4S"
            },
            {
              "status": "affected",
              "version": "3.12.0aS"
            },
            {
              "status": "affected",
              "version": "3.6.0E"
            },
            {
              "status": "affected",
              "version": "3.6.1E"
            },
            {
              "status": "affected",
              "version": "3.6.0aE"
            },
            {
              "status": "affected",
              "version": "3.6.0bE"
            },
            {
              "status": "affected",
              "version": "3.6.2aE"
            },
            {
              "status": "affected",
              "version": "3.6.2E"
            },
            {
              "status": "affected",
              "version": "3.6.3E"
            },
            {
              "status": "affected",
              "version": "3.6.4E"
            },
            {
              "status": "affected",
              "version": "3.6.5E"
            },
            {
              "status": "affected",
              "version": "3.6.6E"
            },
            {
              "status": "affected",
              "version": "3.6.5aE"
            },
            {
              "status": "affected",
              "version": "3.6.5bE"
            },
            {
              "status": "affected",
              "version": "3.6.7E"
            },
            {
              "status": "affected",
              "version": "3.6.8E"
            },
            {
              "status": "affected",
              "version": "3.6.7aE"
            },
            {
              "status": "affected",
              "version": "3.6.7bE"
            },
            {
              "status": "affected",
              "version": "3.6.9E"
            },
            {
              "status": "affected",
              "version": "3.6.10E"
            },
            {
              "status": "affected",
              "version": "3.3.0SQ"
            },
            {
              "status": "affected",
              "version": "3.3.1SQ"
            },
            {
              "status": "affected",
              "version": "3.4.0SQ"
            },
            {
              "status": "affected",
              "version": "3.4.1SQ"
            },
            {
              "status": "affected",
              "version": "3.7.0E"
            },
            {
              "status": "affected",
              "version": "3.7.1E"
            },
            {
              "status": "affected",
              "version": "3.7.2E"
            },
            {
              "status": "affected",
              "version": "3.7.3E"
            },
            {
              "status": "affected",
              "version": "3.7.4E"
            },
            {
              "status": "affected",
              "version": "3.7.5E"
            },
            {
              "status": "affected",
              "version": "3.5.0SQ"
            },
            {
              "status": "affected",
              "version": "3.5.1SQ"
            },
            {
              "status": "affected",
              "version": "3.5.2SQ"
            },
            {
              "status": "affected",
              "version": "3.5.3SQ"
            },
            {
              "status": "affected",
              "version": "3.5.4SQ"
            },
            {
              "status": "affected",
              "version": "3.5.5SQ"
            },
            {
              "status": "affected",
              "version": "3.5.6SQ"
            },
            {
              "status": "affected",
              "version": "3.5.7SQ"
            },
            {
              "status": "affected",
              "version": "3.5.8SQ"
            },
            {
              "status": "affected",
              "version": "3.16.1S"
            },
            {
              "status": "affected",
              "version": "3.16.0bS"
            },
            {
              "status": "affected",
              "version": "3.16.10S"
            },
            {
              "status": "affected",
              "version": "3.8.0E"
            },
            {
              "status": "affected",
              "version": "3.8.1E"
            },
            {
              "status": "affected",
              "version": "3.8.2E"
            },
            {
              "status": "affected",
              "version": "3.8.3E"
            },
            {
              "status": "affected",
              "version": "3.8.4E"
            },
            {
              "status": "affected",
              "version": "3.8.5E"
            },
            {
              "status": "affected",
              "version": "3.8.5aE"
            },
            {
              "status": "affected",
              "version": "3.8.6E"
            },
            {
              "status": "affected",
              "version": "3.8.7E"
            },
            {
              "status": "affected",
              "version": "3.9.0E"
            },
            {
              "status": "affected",
              "version": "3.9.1E"
            },
            {
              "status": "affected",
              "version": "3.9.2E"
            },
            {
              "status": "affected",
              "version": "3.9.2bE"
            },
            {
              "status": "affected",
              "version": "16.9.2h"
            },
            {
              "status": "affected",
              "version": "3.10.0E"
            },
            {
              "status": "affected",
              "version": "3.10.1E"
            },
            {
              "status": "affected",
              "version": "3.10.0cE"
            },
            {
              "status": "affected",
              "version": "3.10.1aE"
            },
            {
              "status": "affected",
              "version": "3.10.1sE"
            },
            {
              "status": "affected",
              "version": "16.12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-29T06:06:05.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
        },
        {
          "name": "107612",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107612"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190327-cmp-dos",
        "defect": [
          [
            "CSCvj25068",
            "CSCvj25124"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-03-27T16:00:00-0700",
          "ID": "CVE-2019-1746",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS and IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "3.2.0SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.1SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.2SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.3SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.4SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.5SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.6SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.7SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.8SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.9SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.10SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.2.11SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.3.0SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.3.2SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.3.1SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.3.0XO"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.3.1XO"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.3.2XO"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.0SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.2SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.1SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.3SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.4SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.5SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.6SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.7SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.8SG"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.0E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.1E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.2E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.3E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.10.4S"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.12.0aS"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.0E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.1E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.0aE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.0bE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.2aE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.2E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.3E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.4E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.5E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.6E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.5aE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.5bE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.7E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.8E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.7aE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.7bE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.9E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.6.10E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.3.0SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.3.1SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.0SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.4.1SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.7.0E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.7.1E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.7.2E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.7.3E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.7.4E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.7.5E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.0SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.1SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.2SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.3SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.4SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.5SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.6SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.7SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.5.8SQ"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.16.1S"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.16.0bS"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.16.10S"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.0E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.1E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.2E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.3E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.4E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.5E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.5aE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.6E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.8.7E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.9.0E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.9.1E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.9.2E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.9.2bE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "16.9.2h"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.10.0E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.10.1E"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.10.0cE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.10.1aE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.10.1sE"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "16.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
            },
            {
              "name": "107612",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107612"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190327-cmp-dos",
          "defect": [
            [
              "CSCvj25068",
              "CSCvj25124"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1746",
    "datePublished": "2019-03-27T23:45:13.618Z",
    "dateReserved": "2018-12-06T00:00:00.000Z",
    "dateUpdated": "2024-11-21T19:41:58.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

