CVE-2019-1746

CVE Database · CVE-2019-1746

CVE-2019-1746

· N/AModified

CVSS v3.1

N/A

EPSS

0.64%

Published

Mar 27, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (567)

cisco · iosvulnerable

cisco · ios

References (4)

http://www.securityfocus.com/bid/107612

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos

PatchVendor Advisory

http://www.securityfocus.com/bid/107612

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs