CVE-2019-1616 — HIGH (8.6) — White Hats Nepal

Q: How severe is CVE-2019-1616?

CVE-2019-1616 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1616?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Mds 9000, Cisco Nexus 3500, Cisco Nexus 3000, Cisco Nexus 3600.

Vulnerability Description

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in process crashes and a DoS condition on the device. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25), 8.1(1b), 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5) Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). UCS 6200, 6300, and 6400 Fabric Interconnects are affected running software versions prior to 3.2(3j) and 4.0(2a).

CVSS Score

8.6

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Nx-Os	>= 8.2, < 8.3\(1\)
Cisco	Mds 9000	-
Cisco	Nexus 3500	-
Cisco	Nexus 3000	-
Cisco	Nexus 3600	-
Cisco	Nexus 7000	-
Cisco	Nexus 7700	-
Cisco	Nexus 9000	-
Cisco	Nexus 9500	-
Cisco	Ucs 6200	-
Cisco	Ucs 6300	-
Cisco	Ucs 6400	-

Related Weaknesses (CWE)

CWE-20 CWE-119

References

http://www.securityfocus.com/bid/107395Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/107395Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2019-1616?

CVE-2019-1616 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condit...

How severe is CVE-2019-1616?

CVE-2019-1616 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1616?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Mds 9000, Cisco Nexus 3500, Cisco Nexus 3000, Cisco Nexus 3600.