CVE-2019-1746

HIGH

Cisco IOS - Unauthenticated Denial of Service via Cluster Management Protocol Input Validation


Description

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107612

Scores

CVSS v3 7.4
EPSS 0.0064
EPSS Percentile 46.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (50)
cisco/ios 12.1(6)ea1
cisco/ios 12.1(6)ea1a
cisco/ios 12.1(6)ea2
cisco/ios 12.1(6)ea2a
cisco/ios 12.1(6)ea2b
cisco/ios 12.1(6)ea2c
cisco/ios 12.1(8)ea1b
cisco/ios 12.1(8)ea1c
cisco/ios 12.1(9)ea1
cisco/ios 12.1(9)ea1a
... and 40 more
Published Mar 28, 2019
Tracked Since Feb 18, 2026