Executive Summary

Informations
Name CVE-2019-1806 First vendor Publication 2019-05-15
Vendor Cve Last vendor Modification 2020-10-16

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Overall CVSS Score 7.7
Base Score 7.7 Environmental Score 7.7
impact SubScore 4 Temporal Score 7.7
Exploitabality Sub Score 3.1
 
Attack Vector Network Attack Complexity Low
Privileges Required Low User Interaction None
Scope Changed Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1806

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-770 Allocation of Resources Without Limits or Throttling

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 4
Os 2
Os 4
Os 4
Os 4
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2

Snort® IPS/IDS

Date Description
2020-12-05 Cisco Small Business Series Switches SNMP denial of service attempt
RuleID : 50131 - Revision : 1 - Type : PROTOCOL-SNMP

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/108335
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2023-05-27 01:48:55
  • Multiple Updates
2021-11-11 01:35:39
  • Multiple Updates
2020-12-05 21:23:47
  • Multiple Updates
2020-10-16 21:23:01
  • Multiple Updates
2020-09-02 17:23:06
  • Multiple Updates
2020-05-23 02:26:50
  • Multiple Updates
2019-10-10 05:21:03
  • Multiple Updates
2019-05-21 17:19:13
  • Multiple Updates
2019-05-16 13:19:13
  • Multiple Updates
2019-05-16 05:18:50
  • First insertion