CVE-2019-1963 HIGH

CVE-2019-1963: Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

Vendor Cisco
Product Cisco Unified Computing System (Managed)
Weakness CWE-20 · Input validation
Published August 28, 2019
Last update November 21, 2024
View on NVD All CVEs

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.

Key dates

02Disclosure timeline

August 28, 2019 CVE published
November 21, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-38122 Cross-Site Scripting (XSS) in Advance Authentication CVE-2020-3221 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component CVE-2024-24695 Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation CVE-2023-33042 Improper Input Validation in Modem