CVE-2019-1963 — Improper Input Validation in Cisco Unified Computing System

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUMNVD

CNA7.7

EPSS

0.9%

top 24.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Computing System Cisco Fx-os Cisco Nx-os

Timeline

PublishedAug 28

Latest updateMay 24

Description

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected devic…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5cisco/cisco_unified_computing_systemunspecified — 8.4(1)

▶NVDcisco/fx-os2.3 — 2.3.1.130+2

▶NVDcisco/nx-os5.2 — 6.2\(29\)+18

🔴Vulnerability Details

GHSA

GHSA-fc5g-gpmc-9m95: A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an↗2022-05-24

▶

CVEList

Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability↗2019-08-28

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability↗2019-08-28

▶