Vulnerability Details : CVE-2019-1595
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1).
Vulnerability category: Denial of service
Products affected by CVE-2019-1595
- cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1595
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-1595
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | AV:A/AC:L/Au:N/C:N/I:N/A:C |
6.5
|
6.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST | |
7.4
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
2.8
|
4.0
|
Cisco Systems, Inc. |
CWE ids for CVE-2019-1595
-
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2019-1595
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos
Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/107320
Cisco Nexus 5600 and 6000 Series Switches CVE-2019-1595 Denial of Service VulnerabilityVDB Entry;Third Party Advisory
Jump to