CVE-2019-1965Uncontrolled Resource Consumption in Cisco Nx-os Software

CWE-400Uncontrolled Resource ConsumptionCWE-772Missing Release of Resource after Effective Lifetime5 documents5 sources
Severity
7.7HIGHNVD
EPSS
1.0%
top 23.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedAug 28
Latest updateMay 24

Description

A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_softwareunspecified8.4(1)
NVDcisco/nx-os5.26.2\(29\)+14

🔴Vulnerability Details

2
GHSA
GHSA-6q32-36x4-ww95: A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH pr2022-05-24
CVEList
Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability2019-08-28

📋Vendor Advisories

2
Cisco
Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability2019-08-28
Red Hat
struts2: remote command execution in Showcase app2013-05-22
CVE-2019-1965 — Uncontrolled Resource Consumption | cvebase