cnvd - cnvd-2019-14104

cnvd-2019-14104

Vulnerability from cnvd

Title

Cisco IOS和IOS XE ISDN接口拒绝服务漏洞

Description

Cisco IOS和IOS XE都是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS和IOS XE中的ISDN功能存在输入验证漏洞，该漏洞源于程序未能正确地处理Q.931消息元素中的值。远程攻击者可利用该漏洞造成设备重新加载，导致拒绝服务。

Severity

高

Patch Name

Cisco IOS和IOS XE ISDN接口拒绝服务漏洞的补丁

Patch Description

Cisco IOS和IOS XE都是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS和IOS XE中的ISDN功能存在输入验证漏洞，该漏洞源于程序未能正确地处理Q.931消息元素中的值。远程攻击者可利用该漏洞造成设备重新加载，导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-1752

Impacted products

Name
['Cisco IOS XE', 'Cisco IOS']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "107589"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1752"
    }
  },
  "description": "Cisco IOS\u548cIOS XE\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco IOS\u548cIOS XE\u4e2d\u7684ISDN\u529f\u80fd\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406Q.931\u6d88\u606f\u5143\u7d20\u4e2d\u7684\u503c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-14104",
  "openTime": "2019-05-14",
  "patchDescription": "Cisco IOS\u548cIOS XE\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS\u548cIOS XE\u4e2d\u7684ISDN\u529f\u80fd\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406Q.931\u6d88\u606f\u5143\u7d20\u4e2d\u7684\u503c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS\u548cIOS XE ISDN\u63a5\u53e3\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS XE",
      "Cisco IOS"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-1752",
  "serverity": "\u9ad8",
  "submitTime": "2019-03-28",
  "title": "Cisco IOS\u548cIOS XE ISDN\u63a5\u53e3\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2019-1752 (GCVE-0-2019-1752)

Vulnerability from cvelistv5

Published

2019-03-28 00:05

Modified

2024-09-17 01:16

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-20

Summary

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.

References

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/107589	vdb-entry, x_refsource_BID