Cisco NX-OS Software Fabric Services over IP Denial of Service Vulnerability (CVE-2019-1962)

high Nessus Plugin ID 128683

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A denial of service (DoS) vulnerability exists in the Cisco Fabric Services component of Cisco NX-OS Software due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An unauthenticated, remote attacker can exploit this issue by sending a malicious Cisco Fabric Services TCP packet to an affected device, causing the process to crash, which results in a device reload and a DoS condition.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCve51688, CSCvh76126, CSCvj00412, and CSCvj00416.

See Also

http://www.nessus.org/u?77f177d5

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva64492

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59058

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk70625

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk70631

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk70632

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk70633

Plugin Details

Severity: High

ID: 128683

File Name: cisco-sa-20190828-nxos-fsip-dos.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 9/11/2019

Updated: 12/20/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-1962

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 8/28/2019

Vulnerability Publication Date: 8/28/2019

Reference Information

CVE: CVE-2019-1962