cvelistv5 - cve-2019-1595

CVE-2019-1595 (GCVE-0-2019-1595)

Vulnerability from cvelistv5 – Published: 2019-03-06 22:00 – Updated: 2024-11-21 19:44

Summary

Severity ?

7.4 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-913

Assigner

cisco

References

URL

	Vendor	Product	Version
	Cisco	Cisco NX-OS Software	Affected: 7.3(5)N1(1)

CISCO-SA-20190306-NEXUS-FBR-DOS

Vulnerability from csaf_cisco - Published: 2019-03-06 16:00 - Updated: 2019-03-06 16:00

Summary

Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability

Notes

Summary

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"]

Vulnerable Products

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software: Nexus 5600 Platform Switches Nexus 6000 Series Switches Note: For this vulnerability to occur, all of the following conditions must be met: Two vulnerable products need to be connected to each other via Ethernet ports with an incorrect internal mapping. The fcoe OR fcoe-npv feature must enabled. The vulnerable ports must not be configured for FCoE. See the Details ["#details"] section for more information. For information about which Cisco NX-OS Software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. Determining the Cisco NX-OS Software Release Administrators can check the release of Cisco NX-OS Software that is running on a device by using the show version command in the device CLI. The following example shows the output of the command for a device that is running Cisco NX-OS Software Release 7.3(4)N1(1): nxos-switch#show version Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html Copyright (c) 2002-2018, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html. Software BIOS: version 3.6.0 Power Sequencer Firmware: Module 1: v3.0 Module 2: v5.0 Microcontroller Firmware: version v1.2.0.1 QSFP Microcontroller Firmware: Module not detected CXP Microcontroller Firmware: Module not detected kickstart: version 7.3(4)N1(1) system: version 7.3(4)N1(1) BIOS compile time: 05/09/2012 kickstart image file is: bootflash:///n5000-uk9-kickstart.7.3.4.N1.1.bin kickstart compile time: 9/10/2018 0:00:00 [09/10/2018 08:29:28] system image file is: bootflash:///n5000-uk9.7.3.4.N1.1.bin system compile time: 9/10/2018 0:00:00 [09/10/2018 12:41:33] . . .

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: Firepower 2100 Series Firewalls Firepower 4100 Series Next-Generation Firewalls Firepower 9300 Security Appliance MDS 9000 Series Multilayer Switches Nexus 1000V Switch for Microsoft Hyper-V Nexus 1000V Switch for VMware vSphere Nexus 2000 Series Fabric Extenders Nexus 3000 Series Switches Nexus 3500 Platform Switches Nexus 3600 Platform Switches Nexus 5500 Platform Switches Nexus 7000 Series Switches Nexus 7700 Series Switches Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode Nexus 9000 Series Switches in standalone NX-OS mode UCS 6200 Series Fabric Interconnects UCS 6300 Series Fabric Interconnects UCS 6400 Series Fabric Interconnects

Details

This vulnerability requires fcoe to be enabled. To see if the fcoe or fcoe-npv feature is configured, use the show feature | include fcoe CLI command: N5K-A# show feature | include fcoe fcoe 1 enabled fcoe-npv 1 disabled This vulnerability also requires that an Ethernet interface not be bound to an FCoE virtual Fibre Channel (vFC) interface. To see if an Ethernet interface is bound to a vFC interface, use the show interface brief CLI command: N5K-A# show interface brief ------------------------------------------------------------------------------- Interface Vsan Admin Admin Status SFP Oper Oper Port Mode Trunk Mode Speed Channel Mode (Gbps) ------------------------------------------------------------------------------- fc1/29 200 F off notConnected swl -- 200 fc1/30 200 F off notConnected swl -- 200 fc1/31 100 F off notConnected swl -- 100 fc1/32 100 F off notConnected swl -- 100 -------------------------------------------------------------------------------- Ethernet VLAN Type Mode Status Reason Speed Port Interface Ch # -------------------------------------------------------------------------------- Eth1/1 1 eth trunk down SFP not inserted 10G(D) -- Eth1/2 1 eth access down SFP not inserted 10G(D) -- <snip> -------------------------------------------------------------------------------- Port VRF Status IP Address Speed MTU -------------------------------------------------------------------------------- mgmt0 -- up 192.168.1.2 100 1500 ------------------------------------------------------------------------------- Interface Vsan Admin Admin Status Bind Oper Oper Mode Trunk Info Mode Speed Mode (Gbps) ------------------------------------------------------------------------------- vfc100 100 F on trunking 00:10:94:00:00:02 TF auto vfc111 100 F on trunking Eth1/1 TF auto vfc200 200 F on trunking 00:20:94:00:00:02 TF auto In this example, Eth1/1 would not be vulnerable because it is bound to a vFC.

Indicators of Compromise

If the devices are configured as outlined in the Vulnerable Products ["#vp"] section, a possible indicator of compromise would be a high Rx input rate on a vulnerable interface coupled with a high Tx rate for all enabled interfaces configured for the same VLAN as shown in the following example: N6K-A# show interface eth1/2 counters brief ------------------------------------------------------------------------------- Interface Input Rate (avg) Output Rate (avg) ------------------ ------------------ Rate Total Rate Total Rate averaging MB/s Frames MB/s Frames interval (seconds) ------------------------------------------------------------------------------- Eth1/2 1140 5482344 1140 5482507 30 1140 5482321 1140 5482488 300 N6K-A# show interface Ethernet 1/11 counters brief ------------------------------------------------------------------------------- Interface Input Rate (avg) Output Rate (avg) ------------------ ------------------ Rate Total Rate Total Rate averaging MB/s Frames MB/s Frames interval (seconds) ------------------------------------------------------------------------------- Eth1/11 0 0 1140 5482508 30 0 0 1140 5482496 300 N6K-A# show interface Ethernet 1/16 counters brief ------------------------------------------------------------------------------- Interface Input Rate (avg) Output Rate (avg) ------------------ ------------------ Rate Total Rate Total Rate averaging MB/s Frames MB/s Frames interval (seconds) ------------------------------------------------------------------------------- Eth1/16 0 0 1140 5482504 30 0 0 1140 5482565 300 If there are any questions regarding the output of your device or the information above, please contact Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"]

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases In the following table, the left column lists releases of Cisco NX-OS Software. The right column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. Customers are advised to upgrade to an appropriate fixed software release ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes "] as indicated in this section. Nexus 5600 and 6000 Series Switches: CSCvn24414 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn24414"] Cisco NX-OS Software Release First Fixed Release for This Vulnerability Prior to 5.2 Not vulnerable 5.2 Not vulnerable 6.0 7.1(5)N1(1b) 7.0 7.1(5)N1(1b) 7.1 7.1(5)N1(1b) 7.2 7.3(5)N1(1) 7.3 7.3(5)N1(1) Additional Resources For help determining the best Cisco NX-OS Software release for a Cisco Nexus Switch, administrators can refer to the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance. Cisco MDS Series Switches ["https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/b_MDS_NX-OS_Recommended_Releases.html"] Cisco Nexus 1000V for VMware Switch ["http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/recommended_releases/b_Cisco_N1KV_VMware_MinRecommendedReleases.html"] Cisco Nexus 3000 Series and 3500 Series Switches ["http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_3000_Series_Switches.html"] Cisco Nexus 5000 Series Switches ["http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/release/recommended_releases/recommended_nx-os_releases.html"] Cisco Nexus 5500 Platform Switches ["http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/recommended_releases/n5500_recommended_nx-os_releases.html"] Cisco Nexus 6000 Series Switches ["http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/release/recommended_releases/recommended_nx-os_releases.html"] Cisco Nexus 7000 Series Switches ["http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/recommended_releases/recommended_nx-os_releases.html"] Cisco Nexus 9000 Series Switches ["http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_9000_Series_Switches.html"] Cisco Nexus 9000 Series ACI-Mode Switches ["https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/recommended-release/b_Recommended_Cisco_ACI_Releases.html"] For help determining the best Cisco NX-OS Software release for Cisco UCS, refer to the Recommended Releases documents in the release notes for the device.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

This vulnerability was found during the resolution of a Cisco TAC support case.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "This vulnerability was found during the resolution of a Cisco TAC support case."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos\"]",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software:\r\n\r\nNexus 5600 Platform Switches\r\nNexus 6000 Series Switches\r\n\r\nNote: For this vulnerability to occur, all of the following conditions must be met:\r\n\r\nTwo vulnerable products need to be connected to each other via Ethernet ports with an incorrect internal mapping.\r\nThe fcoe OR fcoe-npv feature must enabled.\r\nThe vulnerable ports must not be configured for FCoE.\r\n\r\nSee the Details [\"#details\"] section for more information.\r\n\r\nFor information about which Cisco NX-OS Software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n  Determining the Cisco NX-OS Software Release\r\nAdministrators can check the release of Cisco NX-OS Software that is running on a device by using the show version command in the device CLI. The following example shows the output of the command for a device that is running Cisco NX-OS Software Release 7.3(4)N1(1):\r\n\r\n\r\nnxos-switch#show version\r\nCisco Nexus Operating System (NX-OS) Software  TAC support: http://www.cisco.com/tac  Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html  Copyright (c) 2002-2018, Cisco Systems, Inc. All rights reserved.  The copyrights to certain works contained herein are owned by  other third parties and are used and distributed under license.  Some parts of this software are covered under the GNU Public  License. A copy of the license is available at  http://www.gnu.org/licenses/gpl.html.    Software  BIOS: version 3.6.0  Power Sequencer Firmware:  Module 1: v3.0  Module 2: v5.0  Microcontroller Firmware: version v1.2.0.1  QSFP Microcontroller Firmware:  Module not detected  CXP Microcontroller Firmware:  Module not detected  kickstart: version 7.3(4)N1(1)  system: version 7.3(4)N1(1)  BIOS compile time: 05/09/2012  kickstart image file is: bootflash:///n5000-uk9-kickstart.7.3.4.N1.1.bin  kickstart compile time: 9/10/2018 0:00:00 [09/10/2018 08:29:28]  system image file is: bootflash:///n5000-uk9.7.3.4.N1.1.bin  system compile time: 9/10/2018 0:00:00 [09/10/2018 12:41:33]  .\r\n.\r\n.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nFirepower 2100 Series Firewalls\r\nFirepower 4100 Series Next-Generation Firewalls\r\nFirepower 9300 Security Appliance\r\nMDS 9000 Series Multilayer Switches\r\nNexus 1000V Switch for Microsoft Hyper-V\r\nNexus 1000V Switch for VMware vSphere\r\nNexus 2000 Series Fabric Extenders\r\nNexus 3000 Series Switches\r\nNexus 3500 Platform Switches\r\nNexus 3600 Platform Switches\r\nNexus 5500 Platform Switches\r\nNexus 7000 Series Switches\r\nNexus 7700 Series Switches\r\nNexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode\r\nNexus 9000 Series Switches in standalone NX-OS mode\r\nUCS 6200 Series Fabric Interconnects\r\nUCS 6300 Series Fabric Interconnects\r\nUCS 6400 Series Fabric Interconnects",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "This vulnerability requires fcoe to be enabled. To see if the fcoe or fcoe-npv feature is configured, use the show feature | include fcoe CLI command:\r\n\r\n\r\nN5K-A# show feature | include fcoe\r\nfcoe                  1         enabled\r\nfcoe-npv              1         disabled\r\nThis vulnerability also requires that an Ethernet interface not be bound to an FCoE virtual Fibre Channel (vFC) interface. To see if an Ethernet interface is bound to a vFC interface, use the show interface brief CLI command:\r\nN5K-A# show interface brief\r\n\r\n-------------------------------------------------------------------------------\r\nInterface  Vsan   Admin  Admin   Status          SFP    Oper  Oper   Port\r\nMode   Trunk                          Mode  Speed  Channel\r\nMode                                 (Gbps)\r\n-------------------------------------------------------------------------------\r\nfc1/29     200    F      off     notConnected     swl    --           200\r\nfc1/30     200    F      off     notConnected     swl    --           200\r\nfc1/31     100    F      off     notConnected     swl    --           100\r\nfc1/32     100    F      off     notConnected     swl    --           100\r\n\r\n--------------------------------------------------------------------------------\r\nEthernet      VLAN    Type Mode   Status  Reason                   Speed     Port\r\nInterface                                                                    Ch #\r\n--------------------------------------------------------------------------------\r\nEth1/1        1       eth  trunk  down    SFP not inserted            10G(D) --\r\nEth1/2        1       eth  access down    SFP not inserted            10G(D) --\r\n\r\n\u003csnip\u003e\r\n\r\n--------------------------------------------------------------------------------\r\nPort   VRF          Status IP Address                              Speed    MTU\r\n--------------------------------------------------------------------------------\r\nmgmt0  --           up     192.168.1.2                           100      1500\r\n\r\n-------------------------------------------------------------------------------\r\nInterface   Vsan  Admin Admin   Status      Bind                 Oper     Oper\r\nMode  Trunk               Info                 Mode     Speed\r\nMode                                             (Gbps)\r\n-------------------------------------------------------------------------------\r\nvfc100       100  F     on     trunking    00:10:94:00:00:02        TF   auto\r\nvfc111       100  F     on     trunking    Eth1/1                   TF   auto\r\nvfc200       200  F     on     trunking    00:20:94:00:00:02        TF   auto\r\nIn this example, Eth1/1 would not be vulnerable because it is bound to a vFC.",
        "title": "Details"
      },
      {
        "category": "general",
        "text": "If the devices are configured as outlined in the Vulnerable Products [\"#vp\"] section, a possible indicator of compromise would be a high Rx input rate on a vulnerable interface coupled with a high Tx rate for all enabled interfaces configured for the same VLAN as shown in the following example:\r\n\r\n\r\nN6K-A# show interface eth1/2 counters brief\r\n\r\n-------------------------------------------------------------------------------\r\nInterface         Input Rate (avg)    Output Rate (avg)\r\n------------------  ------------------\r\nRate     Total      Rate     Total        Rate averaging\r\nMB/s     Frames     MB/s     Frames       interval (seconds)\r\n-------------------------------------------------------------------------------\r\nEth1/2            1140     5482344    1140     5482507      30\r\n1140     5482321    1140     5482488      300\r\n\r\nN6K-A# show interface Ethernet 1/11 counters brief\r\n\r\n-------------------------------------------------------------------------------\r\nInterface         Input Rate (avg)    Output Rate (avg)\r\n------------------  ------------------\r\nRate     Total      Rate     Total        Rate averaging\r\nMB/s     Frames     MB/s     Frames       interval (seconds)\r\n-------------------------------------------------------------------------------\r\nEth1/11           0        0          1140     5482508      30\r\n0        0          1140     5482496      300\r\n\r\nN6K-A# show interface Ethernet 1/16 counters brief\r\n\r\n-------------------------------------------------------------------------------\r\nInterface         Input Rate (avg)    Output Rate (avg)\r\n------------------  ------------------\r\nRate     Total      Rate     Total        Rate averaging\r\nMB/s     Frames     MB/s     Frames       interval (seconds)\r\n-------------------------------------------------------------------------------\r\nEth1/16           0        0          1140     5482504      30\r\n0        0          1140     5482565      300\r\n\r\nIf there are any questions regarding the output of your device or the information above, please contact Cisco TAC:\r\n  https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]",
        "title": "Indicators of Compromise"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n  Fixed Releases\r\nIn the following table, the left column lists releases of Cisco NX-OS Software. The right column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. Customers are advised to upgrade to an appropriate fixed software release [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes \"] as indicated in this section.\r\n  Nexus 5600 and 6000 Series Switches: CSCvn24414 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn24414\"]\r\n                              Cisco NX-OS Software Release              First Fixed Release for This Vulnerability                                              Prior to 5.2              Not vulnerable                                  5.2              Not vulnerable                                  6.0              7.1(5)N1(1b)                                  7.0              7.1(5)N1(1b)                                  7.1              7.1(5)N1(1b)                                  7.2              7.3(5)N1(1)                                  7.3              7.3(5)N1(1)                    Additional Resources\r\nFor help determining the best Cisco NX-OS Software release for a Cisco Nexus Switch, administrators can refer to the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance.\r\n\r\n\r\nCisco MDS Series Switches [\"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/b_MDS_NX-OS_Recommended_Releases.html\"]\r\nCisco Nexus 1000V for VMware Switch [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/recommended_releases/b_Cisco_N1KV_VMware_MinRecommendedReleases.html\"]\r\nCisco Nexus 3000 Series and 3500 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_3000_Series_Switches.html\"]\r\nCisco Nexus 5000 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/release/recommended_releases/recommended_nx-os_releases.html\"]\r\nCisco Nexus 5500 Platform Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/recommended_releases/n5500_recommended_nx-os_releases.html\"]\r\nCisco Nexus 6000 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/release/recommended_releases/recommended_nx-os_releases.html\"]\r\nCisco Nexus 7000 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/recommended_releases/recommended_nx-os_releases.html\"]\r\nCisco Nexus 9000 Series Switches [\"http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_9000_Series_Switches.html\"]\r\nCisco Nexus 9000 Series ACI-Mode Switches [\"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/recommended-release/b_Recommended_Cisco_ACI_Releases.html\"]\r\n  For help determining the best Cisco NX-OS Software release for Cisco UCS, refer to the Recommended Releases documents in the release notes for the device.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "This vulnerability was found during the resolution of a Cisco TAC support case.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
      "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
        "url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "fixed software release",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "CSCvn24414",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn24414"
      },
      {
        "category": "external",
        "summary": "Cisco MDS Series Switches",
        "url": "https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/b_MDS_NX-OS_Recommended_Releases.html"
      },
      {
        "category": "external",
        "summary": "Cisco Nexus 1000V for VMware Switch",
        "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/recommended_releases/b_Cisco_N1KV_VMware_MinRecommendedReleases.html"
      },
      {
        "category": "external",
        "summary": "Cisco Nexus 3000 Series and 3500 Series Switches",
        "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_3000_Series_Switches.html"
      },
      {
        "category": "external",
        "summary": "Cisco Nexus 5000 Series Switches",
        "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/release/recommended_releases/recommended_nx-os_releases.html"
      },
      {
        "category": "external",
        "summary": "Cisco Nexus 5500 Platform Switches",
        "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/recommended_releases/n5500_recommended_nx-os_releases.html"
      },
      {
        "category": "external",
        "summary": "Cisco Nexus 6000 Series Switches",
        "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/release/recommended_releases/recommended_nx-os_releases.html"
      },
      {
        "category": "external",
        "summary": "Cisco Nexus 7000 Series Switches",
        "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/recommended_releases/recommended_nx-os_releases.html"
      },
      {
        "category": "external",
        "summary": "Cisco Nexus 9000 Series Switches",
        "url": "http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_9000_Series_Switches.html"
      },
      {
        "category": "external",
        "summary": "Cisco Nexus 9000 Series ACI-Mode Switches",
        "url": "https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/recommended-release/b_Recommended_Cisco_ACI_Releases.html"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
    "tracking": {
      "current_release_date": "2019-03-06T16:00:00+00:00",
      "generator": {
        "date": "2022-09-03T03:17:08+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-20190306-nexus-fbr-dos",
      "initial_release_date": "2019-03-06T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2019-03-06T15:36:51+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N1(1)",
                    "product": {
                      "name": "6.0(2)N1(1)",
                      "product_id": "CSAFPID-201875"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N1(2)",
                    "product": {
                      "name": "6.0(2)N1(2)",
                      "product_id": "CSAFPID-201876"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N1(2a)",
                    "product": {
                      "name": "6.0(2)N1(2a)",
                      "product_id": "CSAFPID-201877"
                    }
                  }
                ],
                "category": "product_version",
                "name": "6.0(2)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(1)",
                    "product": {
                      "name": "6.0(2)N2(1)",
                      "product_id": "CSAFPID-201878"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(1b)",
                    "product": {
                      "name": "6.0(2)N2(1b)",
                      "product_id": "CSAFPID-201879"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(2)",
                    "product": {
                      "name": "6.0(2)N2(2)",
                      "product_id": "CSAFPID-201880"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(3)",
                    "product": {
                      "name": "6.0(2)N2(3)",
                      "product_id": "CSAFPID-201881"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(4)",
                    "product": {
                      "name": "6.0(2)N2(4)",
                      "product_id": "CSAFPID-201882"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(5)",
                    "product": {
                      "name": "6.0(2)N2(5)",
                      "product_id": "CSAFPID-201883"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(5a)",
                    "product": {
                      "name": "6.0(2)N2(5a)",
                      "product_id": "CSAFPID-212034"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(6)",
                    "product": {
                      "name": "6.0(2)N2(6)",
                      "product_id": "CSAFPID-212035"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "6.0(2)N2(7)",
                    "product": {
                      "name": "6.0(2)N2(7)",
                      "product_id": "CSAFPID-212036"
                    }
                  }
                ],
                "category": "product_version",
                "name": "6.0(2)N2"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(0)N1(1)",
                    "product": {
                      "name": "7.0(0)N1(1)",
                      "product_id": "CSAFPID-201884"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(0)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(1)N1(1)",
                    "product": {
                      "name": "7.0(1)N1(1)",
                      "product_id": "CSAFPID-201885"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(1)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(2)N1(1)",
                    "product": {
                      "name": "7.0(2)N1(1)",
                      "product_id": "CSAFPID-201886"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(2)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(3)N1(1)",
                    "product": {
                      "name": "7.0(3)N1(1)",
                      "product_id": "CSAFPID-201887"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(3)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(4)N1(1)",
                    "product": {
                      "name": "7.0(4)N1(1)",
                      "product_id": "CSAFPID-212037"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(4)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(5)N1(1)",
                    "product": {
                      "name": "7.0(5)N1(1)",
                      "product_id": "CSAFPID-212038"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.0(5)N1(1a)",
                    "product": {
                      "name": "7.0(5)N1(1a)",
                      "product_id": "CSAFPID-212039"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(5)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(6)N1(1)",
                    "product": {
                      "name": "7.0(6)N1(1)",
                      "product_id": "CSAFPID-208805"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(6)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(7)N1(1)",
                    "product": {
                      "name": "7.0(7)N1(1)",
                      "product_id": "CSAFPID-212040"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(7)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.0(8)N1(1)",
                    "product": {
                      "name": "7.0(8)N1(1)",
                      "product_id": "CSAFPID-220727"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.0(8)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.1(0)N1(1a)",
                    "product": {
                      "name": "7.1(0)N1(1a)",
                      "product_id": "CSAFPID-212041"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.1(0)N1(1b)",
                    "product": {
                      "name": "7.1(0)N1(1b)",
                      "product_id": "CSAFPID-212042"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.1(0)N1(1)",
                    "product": {
                      "name": "7.1(0)N1(1)",
                      "product_id": "CSAFPID-230492"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.1(0)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.1(1)N1(1)",
                    "product": {
                      "name": "7.1(1)N1(1)",
                      "product_id": "CSAFPID-208806"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.1(1)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.1(2)N1(1)",
                    "product": {
                      "name": "7.1(2)N1(1)",
                      "product_id": "CSAFPID-212043"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.1(2)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.1(3)N1(1)",
                    "product": {
                      "name": "7.1(3)N1(1)",
                      "product_id": "CSAFPID-212044"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "7.1(3)N1(2)",
                    "product": {
                      "name": "7.1(3)N1(2)",
                      "product_id": "CSAFPID-220733"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.1(3)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.1(4)N1(1)",
                    "product": {
                      "name": "7.1(4)N1(1)",
                      "product_id": "CSAFPID-220734"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.1(4)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.1(5)N1(1)",
                    "product": {
                      "name": "7.1(5)N1(1)",
                      "product_id": "CSAFPID-230473"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.1(5)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.2(0)N1(1)",
                    "product": {
                      "name": "7.2(0)N1(1)",
                      "product_id": "CSAFPID-212045"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.2(0)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.2(1)N1(1)",
                    "product": {
                      "name": "7.2(1)N1(1)",
                      "product_id": "CSAFPID-212046"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.2(1)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.3(0)N1(1)",
                    "product": {
                      "name": "7.3(0)N1(1)",
                      "product_id": "CSAFPID-220737"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.3(0)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.3(1)N1(1)",
                    "product": {
                      "name": "7.3(1)N1(1)",
                      "product_id": "CSAFPID-227352"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.3(1)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.3(2)N1(1)",
                    "product": {
                      "name": "7.3(2)N1(1)",
                      "product_id": "CSAFPID-230467"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.3(2)N1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "7.3(3)N1(1)",
                    "product": {
                      "name": "7.3(3)N1(1)",
                      "product_id": "CSAFPID-239639"
                    }
                  }
                ],
                "category": "product_version",
                "name": "7.3(3)N1"
              }
            ],
            "category": "product_family",
            "name": "Cisco NX-OS Software"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-1595",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCvn24414"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-201875",
          "CSAFPID-201876",
          "CSAFPID-201877",
          "CSAFPID-201878",
          "CSAFPID-201879",
          "CSAFPID-201880",
          "CSAFPID-201881",
          "CSAFPID-201882",
          "CSAFPID-201883",
          "CSAFPID-201884",
          "CSAFPID-201885",
          "CSAFPID-201886",
          "CSAFPID-201887",
          "CSAFPID-208805",
          "CSAFPID-208806",
          "CSAFPID-212034",
          "CSAFPID-212035",
          "CSAFPID-212036",
          "CSAFPID-212037",
          "CSAFPID-212038",
          "CSAFPID-212039",
          "CSAFPID-212040",
          "CSAFPID-212041",
          "CSAFPID-212042",
          "CSAFPID-212043",
          "CSAFPID-212044",
          "CSAFPID-212045",
          "CSAFPID-212046",
          "CSAFPID-220727",
          "CSAFPID-220733",
          "CSAFPID-220734",
          "CSAFPID-220737",
          "CSAFPID-227352",
          "CSAFPID-230467",
          "CSAFPID-230473",
          "CSAFPID-230492",
          "CSAFPID-239639"
        ]
      },
      "release_date": "2019-03-06T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-201875",
            "CSAFPID-201876",
            "CSAFPID-201877",
            "CSAFPID-201878",
            "CSAFPID-201879",
            "CSAFPID-201880",
            "CSAFPID-201881",
            "CSAFPID-201882",
            "CSAFPID-201883",
            "CSAFPID-201884",
            "CSAFPID-201885",
            "CSAFPID-201886",
            "CSAFPID-201887",
            "CSAFPID-208805",
            "CSAFPID-208806",
            "CSAFPID-212034",
            "CSAFPID-212035",
            "CSAFPID-212036",
            "CSAFPID-212037",
            "CSAFPID-212038",
            "CSAFPID-212039",
            "CSAFPID-212040",
            "CSAFPID-212041",
            "CSAFPID-212042",
            "CSAFPID-212043",
            "CSAFPID-212044",
            "CSAFPID-212045",
            "CSAFPID-212046",
            "CSAFPID-220727",
            "CSAFPID-220733",
            "CSAFPID-220734",
            "CSAFPID-220737",
            "CSAFPID-227352",
            "CSAFPID-230467",
            "CSAFPID-230473",
            "CSAFPID-230492",
            "CSAFPID-239639"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-201875",
            "CSAFPID-201876",
            "CSAFPID-201877",
            "CSAFPID-201878",
            "CSAFPID-201879",
            "CSAFPID-201880",
            "CSAFPID-201881",
            "CSAFPID-201882",
            "CSAFPID-201883",
            "CSAFPID-201884",
            "CSAFPID-201885",
            "CSAFPID-201886",
            "CSAFPID-201887",
            "CSAFPID-208805",
            "CSAFPID-208806",
            "CSAFPID-212034",
            "CSAFPID-212035",
            "CSAFPID-212036",
            "CSAFPID-212037",
            "CSAFPID-212038",
            "CSAFPID-212039",
            "CSAFPID-212040",
            "CSAFPID-212041",
            "CSAFPID-212042",
            "CSAFPID-212043",
            "CSAFPID-212044",
            "CSAFPID-212045",
            "CSAFPID-212046",
            "CSAFPID-220727",
            "CSAFPID-220733",
            "CSAFPID-220734",
            "CSAFPID-220737",
            "CSAFPID-227352",
            "CSAFPID-230467",
            "CSAFPID-230473",
            "CSAFPID-230492",
            "CSAFPID-239639"
          ]
        }
      ],
      "title": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability"
    }
  ]
}

GSD-2019-1595

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-1595

Aliases

CVE-2019-1595

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-1595",
    "description": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1).",
    "id": "GSD-2019-1595"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-1595"
      ],
      "details": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1).",
      "id": "GSD-2019-1595",
      "modified": "2023-12-13T01:23:51.832424Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
        "ID": "CVE-2019-1595",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco NX-OS Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.3(5)N1(1)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "7.4",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-913"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "107320",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107320"
          },
          {
            "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-20190306-nexus-fbr-dos",
        "defect": [
          [
            "CSCvn24414"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.3\\(5\\)n1\\(1\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2019-1595"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-913"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
            },
            {
              "name": "107320",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/107320"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:47Z",
      "publishedDate": "2019-03-06T22:29Z"
    }
  }
}

GHSA-6M2H-JQ7C-RVM8

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-1595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-913"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-06T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1).",
  "id": "GHSA-6m2h-jq7c-rvm8",
  "modified": "2022-05-13T01:31:32Z",
  "published": "2022-05-13T01:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1595"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107320"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201903-0579

Vulnerability from variot - Updated: 2023-12-18 13:33

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1). Cisco NX-OS The software is vulnerable to improper control of dynamically manipulated code resources.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco Nexus 5600 and 6000 Series Switches are modular and fixed-port network switches designed for data centers. This issue is being tracked by Cisco bug ID CSCvn24414

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0579",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nx-os 7.3 d1",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3\\(5\\)n1\\(1\\)"
      },
      {
        "model": "nx-os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.3(5)n1(1)"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "nx-os 7.3 n1",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 7.3 dx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "nexus platform switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "nx-os 7.3 n1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 7.1 n1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "db": "BID",
        "id": "107320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.3\\(5\\)n1\\(1\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "107320"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-1595",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-1595",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-06608",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-148047",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-1595",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-1595",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2019-1595",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06608",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-178",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-148047",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "db": "VULHUB",
        "id": "VHN-148047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1). Cisco NX-OS The software is vulnerable to improper control of dynamically manipulated code resources.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco Nexus 5600 and 6000 Series Switches are modular and fixed-port network switches designed for data centers. \nThis issue is being tracked by Cisco bug ID CSCvn24414",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "db": "BID",
        "id": "107320"
      },
      {
        "db": "VULHUB",
        "id": "VHN-148047"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-1595",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "107320",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-178",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0710",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-148047",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "db": "VULHUB",
        "id": "VHN-148047"
      },
      {
        "db": "BID",
        "id": "107320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ]
  },
  "id": "VAR-201903-0579",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "db": "VULHUB",
        "id": "VHN-148047"
      }
    ],
    "trust": 1.270700005
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:33:33.171000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20190306-nexus-fbr-dos",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nexus-fbr-dos"
      },
      {
        "title": "Patch for Cisco Nexus 5600 and 6000 Series Switch Denial of Service Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/155607"
      },
      {
        "title": "Cisco NX-OS Software Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89851"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-913",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-148047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nexus-fbr-dos"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/107320"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1595"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1595"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76618"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "db": "VULHUB",
        "id": "VHN-148047"
      },
      {
        "db": "BID",
        "id": "107320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "db": "VULHUB",
        "id": "VHN-148047"
      },
      {
        "db": "BID",
        "id": "107320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1595"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "date": "2019-03-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-148047"
      },
      {
        "date": "2019-03-06T00:00:00",
        "db": "BID",
        "id": "107320"
      },
      {
        "date": "2019-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "date": "2019-03-06T22:29:00.387000",
        "db": "NVD",
        "id": "CVE-2019-1595"
      },
      {
        "date": "2019-03-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06608"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-148047"
      },
      {
        "date": "2019-03-06T00:00:00",
        "db": "BID",
        "id": "107320"
      },
      {
        "date": "2019-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      },
      {
        "date": "2019-10-09T23:47:25.207000",
        "db": "NVD",
        "id": "CVE-2019-1595"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco NX-OS Software improper control of dynamically manipulated code resources vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002276"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-178"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-06608

Vulnerability from cnvd - Published: 2019-03-06

Title

Cisco Nexus 5600和6000系列交换机拒绝服务漏洞

Description

Cisco Nexus 5600和6000系列交换机是专为数据中心设计的模块化和固定端口网络交换机。 Cisco Nexus 5600和6000系列交换机的Cisco NX-OS软件的以太网光纤通道（FCoE）协议实现存在拒绝服务漏洞。该漏洞源于内部接口索引未能正确分配。能够提交跨受影响接口的特制FCoE数据包的近邻攻击者可利用漏洞导致受影响接口上的数据包循环和高吞吐量，从而可导致拒绝服务。

Severity

中

Patch Name

Cisco Nexus 5600和6000系列交换机拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos

Impacted products

Name
['Cisco Nexus 5000 Series Switches', 'Cisco Nexus 6000 Series Switches']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "107320"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1595"
    }
  },
  "description": "Cisco Nexus 5600\u548c6000\u7cfb\u5217\u4ea4\u6362\u673a\u662f\u4e13\u4e3a\u6570\u636e\u4e2d\u5fc3\u8bbe\u8ba1\u7684\u6a21\u5757\u5316\u548c\u56fa\u5b9a\u7aef\u53e3\u7f51\u7edc\u4ea4\u6362\u673a\u3002\n\nCisco Nexus 5600\u548c6000\u7cfb\u5217\u4ea4\u6362\u673a\u7684Cisco NX-OS\u8f6f\u4ef6\u7684\u4ee5\u592a\u7f51\u5149\u7ea4\u901a\u9053\uff08FCoE\uff09\u534f\u8bae\u5b9e\u73b0\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u90e8\u63a5\u53e3\u7d22\u5f15\u672a\u80fd\u6b63\u786e\u5206\u914d\u3002\u80fd\u591f\u63d0\u4ea4\u8de8\u53d7\u5f71\u54cd\u63a5\u53e3\u7684\u7279\u5236FCoE\u6570\u636e\u5305\u7684\u8fd1\u90bb\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u63a5\u53e3\u4e0a\u7684\u6570\u636e\u5305\u5faa\u73af\u548c\u9ad8\u541e\u5410\u91cf\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-06608",
  "openTime": "2019-03-06",
  "patchDescription": "Cisco Nexus 5600\u548c6000\u7cfb\u5217\u4ea4\u6362\u673a\u662f\u4e13\u4e3a\u6570\u636e\u4e2d\u5fc3\u8bbe\u8ba1\u7684\u6a21\u5757\u5316\u548c\u56fa\u5b9a\u7aef\u53e3\u7f51\u7edc\u4ea4\u6362\u673a\u3002\r\n\r\nCisco Nexus 5600\u548c6000\u7cfb\u5217\u4ea4\u6362\u673a\u7684Cisco NX-OS\u8f6f\u4ef6\u7684\u4ee5\u592a\u7f51\u5149\u7ea4\u901a\u9053\uff08FCoE\uff09\u534f\u8bae\u5b9e\u73b0\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u90e8\u63a5\u53e3\u7d22\u5f15\u672a\u80fd\u6b63\u786e\u5206\u914d\u3002\u80fd\u591f\u63d0\u4ea4\u8de8\u53d7\u5f71\u54cd\u63a5\u53e3\u7684\u7279\u5236FCoE\u6570\u636e\u5305\u7684\u8fd1\u90bb\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u63a5\u53e3\u4e0a\u7684\u6570\u636e\u5305\u5faa\u73af\u548c\u9ad8\u541e\u5410\u91cf\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Nexus 5600\u548c6000\u7cfb\u5217\u4ea4\u6362\u673a\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Nexus 5000 Series Switches",
      "Cisco Nexus 6000 Series Switches"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-07",
  "title": "Cisco Nexus 5600\u548c6000\u7cfb\u5217\u4ea4\u6362\u673a\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2019-1595

Vulnerability from fkie_nvd - Published: 2019-03-06 22:29 - Updated: 2024-11-21 04:36

Severity ?

7.4 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/107320	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107320	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	nx-os	*
cisco	nexus_5600	-
cisco	nexus_6000	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CF3A40-A695-4722-A557-8A2C1AD831B6",
              "versionEndExcluding": "7.3\\(5\\)n1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "870F4379-68F6-4B34-B99B-107DFE0DBD63",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n del protocolo Fibre Channel over Ethernet (FCoE) en el software NX-OS de Cisco podr\u00eda permitir a un atacante adyacente sin autenticar provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una asignaci\u00f3n incorrecta de un \u00edndice de interfaz interno. Un atacante adyacente capacitado para enviar un paquete FCoE manipulado que cruzase las interfaces afectadas podr\u00eda provocar esta vulnerabilidad. Si se explota esta vulnerabilidad con \u00e9xito, un atacante podr\u00eda provocar un bucle de paquete y un throughput alto en los dispositivos afectados, conduciendo a una condici\u00f3n DoS. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 7.3(5)N1(1)."
    }
  ],
  "id": "CVE-2019-1595",
  "lastModified": "2024-11-21T04:36:53.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-06T22:29:00.387",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107320"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-913"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-913"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-1595 (GCVE-0-2019-1595)

CISCO-SA-20190306-NEXUS-FBR-DOS

GSD-2019-1595

GHSA-6M2H-JQ7C-RVM8

VAR-201903-0579

CNVD-2019-06608

FKIE_CVE-2019-1595

Tags

Sightings

Nomenclature