CVE-2019-1746
HIGH
Cisco IOS - Unauthenticated Denial of Service via Cluster Management Protocol Input Validation
Title source: llm
Description
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.
References (2)
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107612
Scores
CVSS v3: 7.4
EPSS: 0.0064
EPSS Percentile: 46.2%
Attack Vector: ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-20
Status: published
Products (50)
cisco/ios 12.1\(6\)ea1
cisco/ios 12.1\(6\)ea1a
cisco/ios 12.1\(6\)ea2
cisco/ios 12.1\(6\)ea2a
cisco/ios 12.1\(6\)ea2b
cisco/ios 12.1\(6\)ea2c
cisco/ios 12.1\(8\)ea1b
cisco/ios 12.1\(8\)ea1c
cisco/ios 12.1\(9\)ea1
cisco/ios 12.1\(9\)ea1a
... and 40 more
Published: Mar 28, 2019
Tracked Since: Feb 18, 2026