CVE-2019-1594

{"id": "CVE-2019-1594", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2019-03-06T22:29:00.340", "references": [{"url": "http://www.securityfocus.com/bid/107325", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4)."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n 802.X en el software NX-OS de Cisco podr\u00eda permitir a un atacante adyacente sin autenticar provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a la validaci\u00f3n incompleta del protocolo de autenticaci\u00f3n extensible sobre tramas LAN (EAPOL). Un atacante podr\u00eda explotarla enviando una trama EAPOL manipulada a una interfaz el dispositivo objetivo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante provoque el proceso de reenv\u00edo de la Capa 2 (L2) se reinicie m\u00faltiples veces, conduciendo al reinicio del sistema operativo del dispositivo y una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Nota: Esta vulnerabilidad solo afecta a los dispositivos NX-OS que est\u00e9n configurados con la funcionalidad 802.1X. El switch de Cisco Nexus 1000V para los dispositivos de VMware vSphere se ve afectado en versiones anteriores a la 5.2(1)SV3(1.4b). Los switches de Nexus 3000 Series se ven afectados en versiones anteriores a la 7.0(3)I7(4). Los switches de Nexus 3500 Platform se ven afectados en versiones anteriores a la 7.0(3)I7(4). Los switches de Nexus, en sus series 2000, 5500, 5600 y 6000, se ven afectados en versiones anteriores a las 7.3(5)N1(1) y 7.1(5)N1(1b). Los switches de Nexus, en sus series 7000 y 7700, se ven afectados en versiones anteriores a la 8.2(3). Las versiones anteriores a la 13.2(1l) de Nexus 9000 Series Fabric Switches, en modo ACI, se ven afectadas. Las versiones anteriores a la 70(3)I7(4) de Nexus 9000 Series Switches, en modo NX-OS, se ven afectadas."}], "lastModified": "2019-10-09T23:47:24.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F7C6A28-C82B-4095-9264-F0C22E56401F", "versionEndExcluding": "5.2\\(1\\)sv3\\(1.4b\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:vmware_vsphere:*:*", "vulnerable": false, "matchCriteriaId": "9A5FFC5B-6F90-4E8F-9AE2-B4DA4C7A144B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF06D835-FBE6-4866-B410-C2F66AEF68CD", "versionEndExcluding": "7.0\\(3\\)i7\\(4\\)", "versionStartIncluding": "7.0\\(3\\)i7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB"}, {"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "934E7941-C773-4032-944B-4AC57FB11D23", "versionEndExcluding": "7.1\\(5\\)n1\\(1b\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AB2FDB70-C681-4927-97F4-2B466E718859"}, {"criteria": "cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BFC8699E-81C0-4374-B827-71B3916B910D"}, {"criteria": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "870F4379-68F6-4B34-B99B-107DFE0DBD63"}, {"criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFC2CF14-BF68-49FD-AFDE-886FD1A51520", "versionEndExcluding": "8.3\\(1\\)", "versionStartIncluding": "8.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56195607-721F-4B9E-9C7C-4CB5F20872E1", "versionEndExcluding": "13.2\\(1l\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF06D835-FBE6-4866-B410-C2F66AEF68CD", "versionEndExcluding": "7.0\\(3\\)i7\\(4\\)", "versionStartIncluding": "7.0\\(3\\)i7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9000_in_standalone_nx-os_mode:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DA62800-F5DC-48DA-8C81-D684EA8EBB9F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB4F7321-424B-4A60-8A8C-A19D4B8BD500", "versionEndExcluding": "7.3\\(5\\)n1\\(1\\)", "versionStartIncluding": "7.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AB2FDB70-C681-4927-97F4-2B466E718859"}, {"criteria": "cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BFC8699E-81C0-4374-B827-71B3916B910D"}, {"criteria": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "870F4379-68F6-4B34-B99B-107DFE0DBD63"}, {"criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8882184-A5B1-4F67-B942-FDEE2FFD43F4", "versionEndExcluding": "8.2\\(3\\)", "versionStartIncluding": "8.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3411F8C2-D65A-46CF-9563-0A9866462491", "versionEndExcluding": "7.3\\(3\\)d1\\(1\\)", "versionStartIncluding": "7.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BBF703C-304F-466E-930D-99F1CF92F6FD", "versionEndExcluding": "6.2\\(20a\\)", "versionStartIncluding": "6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}