CVE-2019-1901Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Nx-os System Software

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 48.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os System SoftwareCisco Nx-os
Timeline
PublishedJul 31
Latest updateMay 24

Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP pac

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_system_softwareunspecified13.2(7f)
NVDcisco/nx-os14.0\(1h\)14.1\(2g\)+1

🔴Vulnerability Details

2
GHSA
GHSA-vrrp-56vv-xwg7: A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch2022-05-24
CVEList
Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability2019-07-31

💥Exploits & PoCs

2
Exploit-DB
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)2020-01-07
Exploit-DB
Microsoft Excel 2016 1901 - XML External Entity Injection2019-12-02

📋Vendor Advisories

1
Cisco
Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability2019-07-31
CVE-2019-1901 — Cisco vulnerability | cvebase