Vulnslist

find the latest Cisco vulnerabilities

Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

cisco-sa-20190828-fxnxos-snmp-dos · High · Published · Updated

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos This advisory is part of the August 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: August 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.
Mitigation for Cisco NX-OS Software
As a mitigation for the vulnerability that is described in this advisory, administrators of systems that are running Cisco NX-OS Software can configure an access control list (ACL) on an SNMP community to filter incoming SNMP requests to ensure that SNMP polling is performed only by trusted SNMP clients. In the following example, the device will accept incoming SNMPv2c requests only from a single trusted host, 192.168.1.2:

switch# show access-list acl_for_snmp
IPV4 ACL acl_for_snmp
10 permit udp 192.168.1.2/32 192.168.1.3/32 eq snmp

To implement the preceding ACL, administrators can add it to the snmp-server community configuration command:

switch# show running-config snmp
!Command: show running-config snmp snmp-server community mycompany use-acl acl_for_snmp

For additional information about configuring ACLs to filter incoming SNMP requests, see Filtering SNMP Requests ["https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/system_management/b_Cisco_Nexus_5000_Series_NX-OS_System_Management_Configuration_Guide/Cisco_Nexus_5000_Series_NX-OS_System_Management_Configuration_Guide_chapter9.html#task_D3862190751F4B1A9F5353B015A888A7"] in the Cisco NX-OS Configuration Guide.

CVEsCVE-2019-1963
Cisco Bug IDsCSCvn23534, CSCvn13270, CSCvn23531, CSCvn23532, CSCvn23537, CSCvn23535, CSCvn23538, CSCvn23536, CSCvn23529
CVSS ScoreBase 7.7
Base 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Unified Computing System (Managed), Cisco NX-OS Software 7.0(3)F3(1), Cisco NX-OS Software 7.0(3)F3(2), Cisco NX-OS Software 7.0(3)F3(3), Cisco NX-OS Software 7.0(3)F3(3a), Cisco NX-OS Software 7.0(3)F3(4), Cisco NX-OS Software 7.0(3)F3(3c), Cisco NX-OS Software 7.0(3)F3(5), Cisco NX-OS Software 7.0(3)I4(1), Cisco NX-OS Software 7.0(3)I4(2), Cisco NX-OS Software 7.0(3)I4(3), Cisco NX-OS Software 7.0(3)I4(4), Cisco NX-OS Software 7.0(3)I4(5), Cisco NX-OS Software 7.0(3)I4(6), Cisco NX-OS Software 7.0(3)I4(7), Cisco NX-OS Software 7.0(3)I4(8), Cisco NX-OS Software 7.0(3)I4(8a), Cisco NX-OS Software 7.0(3)I4(8b), Cisco NX-OS Software 7.0(3)I4(8z), Cisco NX-OS Software 7.0(3)I4(1t), Cisco NX-OS Software 7.0(3)I4(6t), Cisco NX-OS Software 7.0(3)I5(1), Cisco NX-OS Software 7.0(3)I5(2), Cisco NX-OS Software 7.0(3)I5(3), Cisco NX-OS Software 7.0(3)I5(3a), Cisco NX-OS Software 7.0(3)I5(3b), Cisco NX-OS Software 7.0(3)I6(1), Cisco NX-OS Software 7.0(3)I6(2), Cisco NX-OS Software 7.0(3)I7(1), Cisco NX-OS Software 7.0(3)I7(2), Cisco NX-OS Software 7.0(3)I7(3), Cisco NX-OS Software 7.0(3)I7(4), Cisco NX-OS Software 7.0(3)I7(5), Cisco NX-OS Software 7.0(3)I7(5a), Cisco NX-OS Software 7.0(3)I7(3z), Cisco NX-OS Software 7.3(0)D1(1), Cisco NX-OS Software 7.3(0)DX(1), Cisco NX-OS Software 7.3(0)DY(1), Cisco NX-OS Software 7.3(0)N1(1), Cisco NX-OS Software 7.3(0)N1(1b), Cisco NX-OS Software 7.3(0)N1(1a), Cisco NX-OS Software 7.3(1)D1(1), Cisco NX-OS Software 7.3(1)DY(1), Cisco NX-OS Software 7.3(1)N1(1), Cisco NX-OS Software 7.3(2)D1(1), Cisco NX-OS Software 7.3(2)D1(2), Cisco NX-OS Software 7.3(2)D1(3), Cisco NX-OS Software 7.3(2)D1(3a), Cisco NX-OS Software 7.3(2)D1(1d), Cisco NX-OS Software 7.3(2)N1(1), Cisco NX-OS Software 7.3(2)N1(1b), Cisco NX-OS Software 7.3(2)N1(1c), Cisco NX-OS Software 7.3(3)N1(1), Cisco NX-OS Software 8.1(1), Cisco NX-OS Software 8.1(2), Cisco NX-OS Software 8.1(2a), Cisco NX-OS Software 8.1(1a), Cisco NX-OS Software 8.1(1b), Cisco NX-OS Software 8.2(1), Cisco NX-OS Software 8.2(2), Cisco NX-OS Software 8.3(1), Cisco NX-OS Software 9.2(1), Cisco NX-OS Software 9.2(2), Cisco NX-OS Software 9.2(2t), Cisco NX-OS Software 9.2(2v), Cisco NX-OS Software 7.3(4)N1(1), Cisco NX-OS Software 7.3(4)N1(1a), Cisco NX-OS Software 7.3(3)D1(1), Cisco NX-OS Software 7.0(3)IA7(1), Cisco NX-OS Software 7.0(3)IA7(2), Cisco NX-OS Software 7.0(3)IM7(2), Cisco Firepower Extensible Operating System (FXOS) 2.0.1.68, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.201, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.86, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.37, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.135, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.141, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.144, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.148, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.149, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.153, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.159, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.188, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.203, Cisco Firepower Extensible Operating System (FXOS) 2.0.1.204, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.64, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.73, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.77, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.83, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.85, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.86, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.97, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.106, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.107, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.113, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.115, Cisco Firepower Extensible Operating System (FXOS) 2.1.1.116, Cisco Firepower Extensible Operating System (FXOS) 1.1.1.147, Cisco Firepower Extensible Operating System (FXOS) 1.1.1.160, Cisco Firepower Extensible Operating System (FXOS) 1.1.2.51, Cisco Firepower Extensible Operating System (FXOS) 1.1.2.178, Cisco Firepower Extensible Operating System (FXOS) 1.1.3.84, Cisco Firepower Extensible Operating System (FXOS) 1.1.3.86, Cisco Firepower Extensible Operating System (FXOS) 1.1.3.97, Cisco Firepower Extensible Operating System (FXOS) 1.1.4.95, Cisco Firepower Extensible Operating System (FXOS) 1.1.4.117, Cisco Firepower Extensible Operating System (FXOS) 1.1.4.169, Cisco Firepower Extensible Operating System (FXOS) 1.1.4.175, Cisco Firepower Extensible Operating System (FXOS) 1.1.4.178, Cisco Firepower Extensible Operating System (FXOS) 1.1.4.179, Cisco Firepower Extensible Operating System (FXOS) 2.2.1.63, Cisco Firepower Extensible Operating System (FXOS) 2.2.1.66, Cisco Firepower Extensible Operating System (FXOS) 2.2.1.70, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.17, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.19, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.24, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.26, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.28, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.54, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.60, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.71, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.83, Cisco Firepower Extensible Operating System (FXOS) 2.2.2.86, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.99, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.93, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.91, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.88, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.75, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.73, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.66, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.58, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.111, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.110, Cisco Firepower Extensible Operating System (FXOS) 2.4.1.101, Cisco Firepower Extensible Operating System (FXOS) 2.4.1.214, Cisco NX-OS System Software in ACI Mode 12.2(2g), Cisco NX-OS System Software in ACI Mode 13.0(1i), Cisco NX-OS System Software in ACI Mode 13.0(2m), Cisco NX-OS System Software in ACI Mode 13.2(1l), Cisco NX-OS System Software in ACI Mode 13.2(1m), Cisco NX-OS System Software in ACI Mode 13.2(2l), Cisco NX-OS System Software in ACI Mode 13.2(2o), Cisco NX-OS System Software in ACI Mode 13.2(3i), Cisco NX-OS System Software in ACI Mode 13.2(3n), Cisco NX-OS System Software in ACI Mode 13.2(3o), Cisco NX-OS System Software in ACI Mode 13.2(3r), Cisco NX-OS System Software in ACI Mode 13.2(4d), Cisco NX-OS System Software in ACI Mode 13.2(4e), Cisco NX-OS System Software in ACI Mode 13.2(3j), Cisco NX-OS System Software in ACI Mode 13.2(3s), Cisco NX-OS System Software in ACI Mode 13.2(5d), Cisco NX-OS System Software in ACI Mode 13.2(5e), Cisco NX-OS System Software in ACI Mode 13.2(5f), Cisco NX-OS System Software in ACI Mode 13.2(6i), Cisco NX-OS System Software in ACI Mode 13.2(41d), Cisco NX-OS System Software in ACI Mode 13.2(7f), Cisco NX-OS System Software in ACI Mode 14.0(1h), Cisco Firepower Extensible Operating System (FXOS), Cisco NX-OS Software, Cisco NX-OS System Software in ACI Mode, Cisco MDS 9000 Multilayer Directors and Fabric Switches, Cisco Nexus 7000 Series Switches, Cisco Nexus 5000 Series Switches, Cisco Nexus 3000 Series Switches, Cisco Nexus 6000 Series Switches, Cisco Nexus 9000 Series Switches

Related Products

Product CVE Evidence
Firepower Extensible Operating System CVE-2019-1963 Cisco OpenVuln
Cisco Unified Computing System (Managed) CVE-2019-1963 Cisco OpenVuln
Cisco Nexus 9000 Series Switches CVE-2019-1963 Cisco OpenVuln
Cisco Nexus 7000 Series Switches CVE-2019-1963 Cisco OpenVuln
Cisco Nexus 6000 Series Switches CVE-2019-1963 Cisco OpenVuln
Cisco Nexus 5000 Series Switches CVE-2019-1963 Cisco OpenVuln
Cisco Nexus 3000 Series Switches CVE-2019-1963 Cisco OpenVuln
Cisco Nexus 3000 Series Switch CVE-2019-1963 Cisco OpenVuln
Cisco NX-OS System Software in ACI Mode CVE-2019-1963 Cisco OpenVuln
Cisco NX-OS Software CVE-2019-1963 Cisco OpenVuln
Cisco MDS 9000 Multilayer Directors and Fabric Switches CVE-2019-1963 Cisco OpenVuln
Cisco Firepower Extensible Operating System (FXOS) CVE-2019-1963 Cisco OpenVuln
Cisco Firepower Extensible Operating System CVE-2019-1963 Cisco OpenVuln