CVE-2019-1858 — Improper Input Validation in Cisco Firepower Extensible Operating System

CWE-20 — Improper Input Validation CWE-755 — Improper Handling of Exceptional Conditions4 documents4 sources

Severity

8.6HIGHNVD

EPSS

3.0%

top 13.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System Cisco Firepower Extensible Operating System Cisco Fx-os +1 more

Timeline

PublishedMay 16

Latest updateMay 24

Description

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

▶NVDcisco/firepower_extensible_operating_system2.6 — 2.6.1.131

▶CVEListV5cisco/cisco_firepower_extensible_operating_systemunspecified — n/a

▶NVDcisco/fx-os2.3 — 2.3.1.130+2

▶NVDcisco/nx-os7.0\(3\)i7 — 7.0\(3\)i7\(2\)+12

🔴Vulnerability Details

GHSA

GHSA-h4rm-7mpv-29cj: A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an↗2022-05-24

▶

CVEList

Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability↗2019-05-16

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability↗2019-05-15

▶