CVE-2019-1741: Improper Input Validation in Cisco IOS XE Software

Severity: 7.5 HIGH (NVD)
EPSS: 1.0% (top 23.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 28; latest update May 13

Description

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: cisco/cisco_ios_xe_software (14 versions, +13)
NVD: cisco/ios_xe (14 versions, +13)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-p3fr-r42j-9w52: A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cau (2022-05-13)
CVEList: Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability (2019-03-27)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability (2019-03-27)