CNVD-2019-32062

Vulnerability from cnvd - Published: 2019-09-19
VLAI Severity ?
Title
Cisco NX-OS Software资源管理错误漏洞(CNVD-2019-32062)
Description
Cisco Nexus 3000 Series Switches等都是美国思科(Cisco)公司的产品。Cisco Nexus 3000 Series Switches是一款3000系列交换机。Cisco Nexus 3500 Platform Switches是一款3500系列平台交换机。Cisco MDS 9000 Series Multilayer Switches是一款MDS 9000系列多层交换机。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。 Cisco NX-OS Software中的Virtual Shell会话管理存在资源管理错误漏洞,该漏洞源于程序未能正确地删除VSH进程,远程攻击者可通过进行远程管理连接并非法断开连接利用该漏洞造成拒绝服务。
Severity
Patch Name
Cisco NX-OS Software资源管理错误漏洞(CNVD-2019-32062)的补丁
Patch Description
Cisco Nexus 3000 Series Switches等都是美国思科(Cisco)公司的产品。Cisco Nexus 3000 Series Switches是一款3000系列交换机。Cisco Nexus 3500 Platform Switches是一款3500系列平台交换机。Cisco MDS 9000 Series Multilayer Switches是一款MDS 9000系列多层交换机。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。 Cisco NX-OS Software中的Virtual Shell会话管理存在资源管理错误漏洞,该漏洞源于程序未能正确地删除VSH进程,远程攻击者可通过进行远程管理连接并非法断开连接利用该漏洞造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos

Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos
Impacted products
Name
['Cisco Nexus 3000 Series Switche', 'Cisco Nexus 6000 Series Switches', 'Cisco Nexus 7700 Series Switches', 'Cisco Nexus 5600 Platform Switches', 'Cisco Nexus 5500 Platform Switches', 'Cisco Nexus 3500 Platform Switches', 'Cisco Nexus 7000 Series Switches 0', 'Cisco Nexus 3600 Platform Switches', 'Cisco MDS 9000 Series Multilayer Switches', 'Cisco Nexus 9000 Series Switches', 'Cisco UCS 6200 Series Fabric Interconnects', 'Cisco UCS 6300 Series Fabric Interconnects', 'Cisco Nexus 9500 R-Series Switching Platform']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1965",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-1965"
    }
  },
  "description": "Cisco Nexus 3000 Series Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Nexus 3000 Series Switches\u662f\u4e00\u6b3e3000\u7cfb\u5217\u4ea4\u6362\u673a\u3002Cisco Nexus 3500 Platform Switches\u662f\u4e00\u6b3e3500\u7cfb\u5217\u5e73\u53f0\u4ea4\u6362\u673a\u3002Cisco MDS 9000 Series Multilayer Switches\u662f\u4e00\u6b3eMDS 9000\u7cfb\u5217\u591a\u5c42\u4ea4\u6362\u673a\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002\n\nCisco NX-OS Software\u4e2d\u7684Virtual Shell\u4f1a\u8bdd\u7ba1\u7406\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u5220\u9664VSH\u8fdb\u7a0b\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdb\u884c\u8fdc\u7a0b\u7ba1\u7406\u8fde\u63a5\u5e76\u975e\u6cd5\u65ad\u5f00\u8fde\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-32062",
  "openTime": "2019-09-19",
  "patchDescription": "Cisco Nexus 3000 Series Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Nexus 3000 Series Switches\u662f\u4e00\u6b3e3000\u7cfb\u5217\u4ea4\u6362\u673a\u3002Cisco Nexus 3500 Platform Switches\u662f\u4e00\u6b3e3500\u7cfb\u5217\u5e73\u53f0\u4ea4\u6362\u673a\u3002Cisco MDS 9000 Series Multilayer Switches\u662f\u4e00\u6b3eMDS 9000\u7cfb\u5217\u591a\u5c42\u4ea4\u6362\u673a\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002\r\n\r\nCisco NX-OS Software\u4e2d\u7684Virtual Shell\u4f1a\u8bdd\u7ba1\u7406\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u5220\u9664VSH\u8fdb\u7a0b\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdb\u884c\u8fdc\u7a0b\u7ba1\u7406\u8fde\u63a5\u5e76\u975e\u6cd5\u65ad\u5f00\u8fde\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco NX-OS Software\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-32062\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Nexus 3000 Series Switche",
      "Cisco Nexus 6000 Series Switches",
      "Cisco Nexus 7700 Series Switches",
      "Cisco Nexus 5600 Platform Switches",
      "Cisco Nexus 5500 Platform Switches",
      "Cisco Nexus 3500 Platform Switches",
      "Cisco Nexus 7000 Series Switches 0",
      "Cisco Nexus 3600 Platform Switches",
      "Cisco MDS 9000 Series Multilayer Switches",
      "Cisco Nexus 9000 Series Switches",
      "Cisco UCS 6200 Series Fabric Interconnects",
      "Cisco UCS 6300 Series Fabric Interconnects",
      "Cisco Nexus 9500 R-Series Switching Platform"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-29",
  "title": "Cisco NX-OS Software\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-32062\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.