CVE-2019-1737Uncontrolled Resource Consumption in Cisco IOS AND Ios-xe Software

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
8.6HIGHNVD
EPSS
1.0%
top 23.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOS AND Ios-xe SoftwareCisco IOSCisco IOS XE
Timeline
PublishedMar 27
Latest updateMay 13

Description

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

CVEListV5cisco/cisco_ios_and_ios-xe_software196 versions+195
NVDcisco/ios420 versions+419
NVDcisco/ios_xe195 versions+194

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-rj49-4mj7-h39g: A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthent2022-05-13
CVEList
Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability2019-03-27

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability2019-03-27
CVE-2019-1737 — Uncontrolled Resource Consumption | cvebase