CVE-2019-1814

Published: May 16, 2019Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.

Affected (27)

Products: Cisco: Sf302 08pp Firmware, Sf302 08mpp Firmware, Sg300 10pp Firmware, Sg300 10mpp Firmware, Sf300 24pp Firmware, Sf300 48pp Firmware, Sg300 28pp Firmware, Sf300 08 Firmware, Sf300 48p Firmware, Sg300 10mp Firmware, Sg300 10p Firmware, Sg300 10 Firmware, Sg300 28p Firmware, Sf300 24p Firmware, Sf302 08mp Firmware, Sg300 28 Firmware, Sf300 48 Firmware, Sg300 20 Firmware, Sf302 08p Firmware, Sg300 52 Firmware, Sf300 24 Firmware, Sf302 08 Firmware, Sf300 24mp Firmware, Sg300 10sfp Firmware, Sg300 28mp Firmware, Sg300 52p Firmware, Sg300 52mp Firmware

27 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08pp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf302 08pp	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08mpp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf302 08mpp	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10pp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 10pp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10mpp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 10mpp	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24pp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf300 24pp	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48pp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf300 48pp	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28pp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 28pp	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 08 Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf300 08	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48p Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf300 48p	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10mp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 10mp	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10p Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 10p	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10 Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 10	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28p Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 28p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24p Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf300 24p	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08mp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf302 08mp	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28 Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 28	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48 Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf300 48	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 20 Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 20	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08p Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf302 08p	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52 Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 52	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24 Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf300 24	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08 Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf302 08	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24mp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sf300 24mp	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10sfp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 10sfp	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28mp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 28mp	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52p Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 52p	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52mp Firmware	Before 1.4.10.6

Running on/with	Platform Versions
Cisco Sg300 52mp	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

http://www.securityfocus.com/bid/108344

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb300sms-dhcp

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/108344

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb300sms-dhcp

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.