CVE-2019-1814 — HIGH (8.6) — White Hats Nepal

Q: How severe is CVE-2019-1814?

CVE-2019-1814 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1814?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sf302-08Pp Firmware, Cisco Sf302-08Pp, Cisco Sf302-08Mpp Firmware, Cisco Sf302-08Mpp, Cisco Sg300-10Pp Firmware.

Vulnerability Description

A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Sf302-08Pp Firmware	< 1.4.10.6
Cisco	Sf302-08Pp	-
Cisco	Sf302-08Mpp Firmware	< 1.4.10.6
Cisco	Sf302-08Mpp	-
Cisco	Sg300-10Pp Firmware	< 1.4.10.6
Cisco	Sg300-10Pp	-
Cisco	Sg300-10Mpp Firmware	< 1.4.10.6
Cisco	Sg300-10Mpp	-
Cisco	Sf300-24Pp Firmware	< 1.4.10.6
Cisco	Sf300-24Pp	-
Cisco	Sf300-48Pp Firmware	< 1.4.10.6
Cisco	Sf300-48Pp	-
Cisco	Sg300-28Pp Firmware	< 1.4.10.6
Cisco	Sg300-28Pp	-
Cisco	Sf300-08 Firmware	< 1.4.10.6
Cisco	Sf300-08	-
Cisco	Sf300-48P Firmware	< 1.4.10.6
Cisco	Sf300-48P	-
Cisco	Sg300-10Mp Firmware	< 1.4.10.6
Cisco	Sg300-10Mp	-

Related Weaknesses (CWE)

CWE-770 CWE-400

References

http://www.securityfocus.com/bid/108344Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/108344Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2019-1814?

CVE-2019-1814 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device ...

How severe is CVE-2019-1814?

CVE-2019-1814 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1814?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sf302-08Pp Firmware, Cisco Sf302-08Pp, Cisco Sf302-08Mpp Firmware, Cisco Sf302-08Mpp, Cisco Sg300-10Pp Firmware.