Main Vulnerability Database Vulnerabilities #VU19606

Buffer overflow in Cisco Nexus 9000 Series Switches in ACI Mode - CVE-2019-1901

Published: August 1, 2019

Vulnerability identifier: #VU19606

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-1901

CWE-ID: CWE-119

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Nexus 9000 Series Switches in ACI Mode

Detailed vulnerability description

The vulnerability allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges.

The vulnerability exists due to improper input validation of certain type, length, value (TLV) fields of the Link Layer Discovery Protocol (LLDP) frame header. An attacker can send a specially crafted LLDP packet to the targeted device, trigger memory corruption and cause a DoS condition or execute arbitrary code with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface.

How to mitigate CVE-2019-1901

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo

Buffer overflow in Cisco Nexus 9000 Series Switches in ACI Mode - CVE-2019-1901

Detailed vulnerability description

How to mitigate CVE-2019-1901

Sources

Please verify you're human