Informazioni sul CVE-2019-1594
Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability
CWE ID: CWE-264
Base Score (CVSS): N/A
CVE: CVE-2019-1594
Descrizione: A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- http://www.securityfocus.com/bid/107325
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth
Prodotti interessati
- Cisco – Nexus 1000V Switch for VMware vSphere
- Cisco – Nexus 3000 Series Switches
- Cisco – Nexus 3500 Platform Switches
- Cisco – Nexus 2000, 5500, 5600, and 6000 Series Switches
- Cisco – Nexus 7000 and 7700 Series Switches
- Cisco – Nexus 9000 Series Fabric Switches in ACI Mode
- Cisco – Nexus 9000 Series Switches in Standalone NX-OS Mode
Relazioni con altri prodotti
Produttore:Cisco
Prodotto: Nexus 3000 Series Switches
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: Nexus 3500 Platform Switches
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: Nexus 7000 and 7700 Series Switches
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: Nexus 9000 Series Fabric Switches in ACI Mode
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: Nexus 9000 Series Switches in Standalone NX-OS Mode
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: Nexus 1000V Switch for VMware vSphere
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: Nexus 2000
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: 5500
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: 5600
Anno: 2019
CWE: CWE-264
CVSS: 0.0
Produttore:Cisco
Prodotto: 6000 Series Switches
Anno: 2019
CWE: CWE-264
CVSS: 0.0