CVE-2019-1594

CWE-264CWE-20Improper Input Validation4 documents4 sources
Severity
7.4HIGH
EPSS
0.7%
top 27.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Cisco Nexus 1000v Switch FOR Vmware VsphereCisco Nexus 3000 Series SwitchesCisco Nexus 3500 Platform Switches+4 more
Timeline
PublishedMar 6
Latest updateMay 13

Description

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) for

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages7 packages

CVEListV5cisco/nexus_9000_series_fabric_switches_in_aci_modeunspecified13.2(1l)
CVEListV5cisco/nexus_9000_series_switches_in_standalone_nx-os_modeunspecified7.0(3)I7(4)
CVEListV5cisco/nexus_7000_and_7700_series_switchesunspecified8.2(3)
CVEListV5cisco/nexus_3000_series_switchesunspecified7.0(3)I7(4)
CVEListV5cisco/nexus_3500_platform_switchesunspecified7.0(3)I7(4)

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-3pp4-86vv-j53p: A vulnerability in the 8022022-05-13
CVEList
Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability2019-03-06

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability2019-03-06
CVE-2019-1594 (HIGH CVSS 7.4) | A vulnerability in the 802.1X imple | cvebase.io