Lucene search
HistoryMar 28, 2019 - 12:29 a.m.
CVE-2019-1740
cisco
ios
ios xe
vulnerability
nbar
dns
denial of service
dos
reload
cve-2019-1740
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.4%
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
Affected configurations
Node
ciscoios_xeMatch3.2.0ja
ORciscoios_xeMatch3.16.0as
ORciscoios_xeMatch3.16.0bs
ORciscoios_xeMatch3.16.0cs
ORciscoios_xeMatch3.16.0s
ORciscoios_xeMatch3.16.1as
ORciscoios_xeMatch3.16.1s
ORciscoios_xeMatch3.16.2as
ORciscoios_xeMatch3.16.2bs
ORciscoios_xeMatch3.16.2s
ORciscoios_xeMatch3.16.3as
ORciscoios_xeMatch3.16.3s
ORciscoios_xeMatch3.16.4as
ORciscoios_xeMatch3.16.4bs
ORciscoios_xeMatch3.16.4cs
ORciscoios_xeMatch3.16.4ds
ORciscoios_xeMatch3.16.4es
ORciscoios_xeMatch3.16.4gs
ORciscoios_xeMatch3.16.4s
ORciscoios_xeMatch3.16.5as
ORciscoios_xeMatch3.16.5s
ORciscoios_xeMatch3.17.0s
ORciscoios_xeMatch3.17.1as
ORciscoios_xeMatch3.17.1s
ORciscoios_xeMatch3.17.2s
ORciscoios_xeMatch3.17.3s
ORciscoios_xeMatch3.17.4s
ORciscoios_xeMatch3.18.0as
ORciscoios_xeMatch3.18.0s
ORciscoios_xeMatch3.18.0sp
ORciscoios_xeMatch3.18.1asp
ORciscoios_xeMatch3.18.1bsp
ORciscoios_xeMatch3.18.1csp
ORciscoios_xeMatch3.18.1gsp
ORciscoios_xeMatch3.18.1hsp
ORciscoios_xeMatch3.18.1isp
ORciscoios_xeMatch3.18.1s
ORciscoios_xeMatch3.18.1sp
ORciscoios_xeMatch3.18.2asp
ORciscoios_xeMatch3.18.2s
ORciscoios_xeMatch3.18.2sp
ORciscoios_xeMatch3.18.3s
ORciscoios_xeMatch3.18.4s
ORciscoios_xeMatch16.2.1
ORciscoios_xeMatch16.2.2
ORciscoios_xeMatch16.3.1
ORciscoios_xeMatch16.3.1a
ORciscoios_xeMatch16.3.2
ORciscoios_xeMatch16.3.3
ORciscoios_xeMatch16.3.4
ORciscoios_xeMatch16.4.1
ORciscoios_xeMatch16.4.2
ORciscoios_xeMatch16.4.3
ORciscoios_xeMatch16.5.1
ORciscoios_xeMatch16.5.1a
ORciscoios_xeMatch16.5.1b
ORciscoios_xeMatch16.9.3s
ORciscoios_xeMatch16.9.4c
Node
ciscoiosMatch15.3\(3\)jd
ORciscoiosMatch15.3\(3\)jd2
ORciscoiosMatch15.3\(3\)jd3
ORciscoiosMatch15.3\(3\)jd4
ORciscoiosMatch15.3\(3\)jd5
ORciscoiosMatch15.3\(3\)jd6
ORciscoiosMatch15.3\(3\)jd7
ORciscoiosMatch15.3\(3\)jd8
ORciscoiosMatch15.3\(3\)jd9
ORciscoiosMatch15.3\(3\)jd11
ORciscoiosMatch15.3\(3\)jd12
ORciscoiosMatch15.3\(3\)jd13
ORciscoiosMatch15.3\(3\)jd14
ORciscoiosMatch15.3\(3\)je
ORciscoiosMatch15.3\(3\)jf
ORciscoiosMatch15.3\(3\)jf1
ORciscoiosMatch15.3\(3\)jf2
ORciscoiosMatch15.3\(3\)jf4
ORciscoiosMatch15.3\(3\)jf5
ORciscoiosMatch15.3\(3\)jg
ORciscoiosMatch15.3\(3\)jg1
ORciscoiosMatch15.3\(3\)jh
ORciscoiosMatch15.3\(3\)jk6
ORciscoiosMatch15.3\(3\)jnp
ORciscoiosMatch15.3\(3\)jnp1
ORciscoiosMatch15.3\(3\)jnp3
ORciscoiosMatch15.3\(3\)jpb
ORciscoiosMatch15.3\(3\)jpb1
ORciscoiosMatch15.3\(3\)jpc
ORciscoiosMatch15.3\(3\)jpc1
ORciscoiosMatch15.3\(3\)jpc2
ORciscoiosMatch15.3\(3\)jpc3
ORciscoiosMatch15.3\(3\)jpc5
ORciscoiosMatch15.3\(3\)jpd
ORciscoiosMatch15.5\(3\)m
ORciscoiosMatch15.5\(3\)m0a
ORciscoiosMatch15.5\(3\)m1
ORciscoiosMatch15.5\(3\)m2
ORciscoiosMatch15.5\(3\)m2a
ORciscoiosMatch15.5\(3\)m3
ORciscoiosMatch15.5\(3\)m4
ORciscoiosMatch15.5\(3\)m4a
ORciscoiosMatch15.5\(3\)m4b
ORciscoiosMatch15.5\(3\)m4c
ORciscoiosMatch15.5\(3\)m5
ORciscoiosMatch15.5\(3\)s
ORciscoiosMatch15.5\(3\)s0a
ORciscoiosMatch15.5\(3\)s1
ORciscoiosMatch15.5\(3\)s1a
ORciscoiosMatch15.5\(3\)s2
ORciscoiosMatch15.5\(3\)s3
ORciscoiosMatch15.5\(3\)s4
ORciscoiosMatch15.5\(3\)s5
ORciscoiosMatch15.5\(3\)sn
ORciscoiosMatch15.5\(3\)sn0a
ORciscoiosMatch15.6\(1\)s
ORciscoiosMatch15.6\(1\)s1
ORciscoiosMatch15.6\(1\)s2
ORciscoiosMatch15.6\(1\)s3
ORciscoiosMatch15.6\(1\)s4
ORciscoiosMatch15.6\(1\)sn
ORciscoiosMatch15.6\(1\)sn1
ORciscoiosMatch15.6\(1\)sn2
ORciscoiosMatch15.6\(1\)sn3
ORciscoiosMatch15.6\(1\)t
ORciscoiosMatch15.6\(1\)t0a
ORciscoiosMatch15.6\(1\)t1
ORciscoiosMatch15.6\(1\)t2
ORciscoiosMatch15.6\(2\)s
ORciscoiosMatch15.6\(2\)s1
ORciscoiosMatch15.6\(2\)s2
ORciscoiosMatch15.6\(2\)s3
ORciscoiosMatch15.6\(2\)s4
ORciscoiosMatch15.6\(2\)sn
ORciscoiosMatch15.6\(2\)t
ORciscoiosMatch15.6\(2\)t0a
ORciscoiosMatch15.6\(2\)t1
ORciscoiosMatch15.6\(2\)t2
ORciscoiosMatch15.6\(3\)m
ORciscoiosMatch15.6\(3\)m0a
ORciscoiosMatch15.6\(3\)m1
ORciscoiosMatch15.6\(3\)m1a
ORciscoiosMatch15.6\(3\)m1b
ORciscoiosMatch15.6\(3\)sn
ORciscoiosMatch15.6\(4\)sn
ORciscoiosMatch15.6\(5\)sn
ORciscoiosMatch15.6\(6\)sn
ORciscoiosMatch15.6\(7\)sn
ORciscoiosMatch15.6\(7\)sn1
ORciscoiosMatch15.6\(7\)sn2
ORciscoiosMatch15.6\(7\)sn3
CNA Affected
[
{
"product": "Cisco IOS and Cisco IOS-XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.0aS"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0bS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.4gS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4cS"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.4eS"
},
{
"status": "affected",
"version": "3.16.5aS"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "3.2.0JA"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1gSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.1hSP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.1iSP"
}
]
}
]Related
nvd
nvd
CVE-2019-1740
2019-03-28 00:29:00
prion
prion
Race condition
2019-03-28 00:29:00
cvelist
cvelist
cisco
cisco
nessus
nessus
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.4%
Related for CVE-2019-1740