CVE-2019-1968Improper Input Validation in Cisco Nx-os Software 6.0 A4

CWE-20Improper Input ValidationCWE-116Improper Encoding or Escaping of Output5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 37.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os Software 6.0 A4Cisco Nx-os
Timeline
PublishedAug 30
Latest updateMay 24

Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_software_6.0_a4unspecified8.3(2)
NVDcisco/nx-os14 versions+13

🔴Vulnerability Details

3
GHSA
GHSA-cp28-47gg-22cx: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to une2022-05-24
OSV
openssl, openssl1.0 vulnerabilities2020-09-16
CVEList
Cisco NX-OS Software NX-API Denial of Service Vulnerability2019-08-29

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software NX-API Denial of Service Vulnerability2019-08-28
CVE-2019-1968 — Improper Input Validation in Cisco | cvebase