CVE-2019-1616

{"id": "CVE-2019-1616", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2019-03-11T21:29:00.967", "references": [{"url": "http://www.securityfocus.com/bid/107395", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-fabric-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in process crashes and a DoS condition on the device. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(25), 8.1(1b), 8.3(1). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5) Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). UCS 6200, 6300, and 6400 Fabric Interconnects are affected running software versions prior to 3.2(3j) and 4.0(2a)."}, {"lang": "es", "value": "Una vulnerabilidad en el componente Cisco Fabric Services del software NX-OS de Cisco podr\u00eda permitir a un atacante remoto no autenticado provocar un desbordamiento de b\u00fafer, conduciendo a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de paquetes de Cisco Fabric Services. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete Cisco Fabric Services manipulado a un dispositivo afectado. Un exploit con \u00e9xito podr\u00eda permitir al atacante provocar un desbordamiento de b\u00fafer, conduciendo a cierres de procesos y una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Los switches de MDS 9000 Series Multilayer se ven afectados en versiones anteriores a 6.25(25), 8.1(1b) y 8.3(1). Los switches de Nexus 3000 Series se ven afectados en versiones de software anteriores a las 7.0(3)I4(9) y 7.0(3)I7(4). Los switches de Nexus 3500 Platform Series se ven afectados en versiones de software anteriores a las 6.0(2)A8(10) y 7.0(3)I7(4). Los switches de Nexus 3600, se ven afectados en versiones anteriores a las 7.0(3)F3(5) y los switches de Nexus de la series 7000 y 7700 se ven afectados en versiones anteriores a las 6.2(22) y 8.2(3). Los switches de Nexus 9000 en modo Standalone NX-OS se ven afectados en versiones de software anteriores a las 7.0(3)I4(9) y 7.0(3)I7(4). Los switches de 9500 R-Series Line Cards y Fabric Modules se ven afectados en versiones anteriores a la 7.0(3)F3(5). UCS 6200, 6300 y 6400 Series Fabric Interconnect se ven afectados en versiones anteriores a las 3.2(3j) y 4.0(2a)."}], "lastModified": "2019-10-09T23:47:30.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4863FC5-6578-48DE-838D-E5D2EEFF27B1", "versionEndExcluding": "8.3\\(1\\)", "versionStartIncluding": "8.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F24A8F48-7C57-40DD-AF84-3CB2940611DF", "versionEndExcluding": "7.0\\(3\\)i7\\(4\\)", "versionStartIncluding": "7.0\\(3\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C59A80D2-51B2-42C4-8FAA-F00A42388F90", "versionEndExcluding": "7.0\\(3\\)i7\\(4\\)", "versionStartIncluding": "7.0\\(3\\)i5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B76CC56F-08AB-46EB-B9DB-E1EE77201855", "versionEndExcluding": "7.0\\(3\\)f3\\(3c\\)", "versionStartIncluding": "7.0\\(3\\)f3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97217080-455C-48E4-8CE1-6D5B9485864F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A90CA0AC-1B11-4875-B67F-BE443682C89D", "versionEndExcluding": "8.2\\(3\\)", "versionStartIncluding": "7.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C59A80D2-51B2-42C4-8FAA-F00A42388F90", "versionEndExcluding": "7.0\\(3\\)i7\\(4\\)", "versionStartIncluding": "7.0\\(3\\)i5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1D65811-E82B-4FE9-A23B-7538FD2D4AF1", "versionEndExcluding": "7.0\\(3\\)f3\\(3c\\)", "versionStartIncluding": "7.0\\(3\\)f1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63BE0266-1C00-4D6A-AD96-7F82532ABAA7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86770ECC-BC1D-42BC-A65B-FCE598491BEE", "versionEndExcluding": "8.1\\(1b\\)", "versionStartIncluding": "7.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E762B981-6AC3-41E2-9FF5-DBA9616EA75C", "versionEndExcluding": "6.2\\(25\\)", "versionStartIncluding": "5.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DFCC3C2-3483-4BD0-AF71-23574D0849B1", "versionEndExcluding": "7.0\\(3\\)i4\\(9\\)", "versionStartIncluding": "7.0\\(3\\)i4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30AB8D6-3F3F-43A3-B7E9-ABD5D3052FA8", "versionEndExcluding": "6.2\\(22\\)", "versionStartIncluding": "6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67D92F3-7EE1-4CFD-9608-4E35994C1BC4", "versionEndExcluding": "6.2\\(22\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92B576CF-5EAD-4830-A7B7-ACC434349691", "versionEndExcluding": "7.0\\(3\\)i4\\(9\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEC3E03D-81F8-4EF4-96A1-D6F0B2767055", "versionEndExcluding": "6.0\\(2\\)a8\\(10\\)", "versionStartIncluding": "6.0\\(2\\)a8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "013763DA-8E91-452D-8E00-A15F10D0D0FA", "versionEndIncluding": "6.0\\(2\\)a8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7863D91-BA8E-4FB4-9294-8E0B92F42825", "versionEndIncluding": "7.0\\(3\\)i4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81A332B7-8234-442D-B6FA-EFE5D604E436", "versionEndExcluding": "4.0\\(2a\\)", "versionStartIncluding": "4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs_6200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0B96E5C-CC27-4020-93CE-413B95DCABB0"}, {"criteria": "cpe:2.3:h:cisco:ucs_6300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6BCF41B-A617-4563-8D14-E906411354FB"}, {"criteria": "cpe:2.3:h:cisco:ucs_6400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1888B66-5CF7-4D4D-B832-E2CF75D6EAD8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01C8F238-9A6A-4DFA-AE7B-8E69CD2E4F59", "versionEndExcluding": "3.2\\(3j\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs_6200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0B96E5C-CC27-4020-93CE-413B95DCABB0"}, {"criteria": "cpe:2.3:h:cisco:ucs_6300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6BCF41B-A617-4563-8D14-E906411354FB"}, {"criteria": "cpe:2.3:h:cisco:ucs_6400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1888B66-5CF7-4D4D-B832-E2CF75D6EAD8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}