VDB

CVE-2019-1746

CVE-2019-1746 PUBLISHED CVSS 7.400000095367432 HIGH

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.

EPSS 0.14% · 34.7th percentile

Risk Scores

CVSS 3.0
7.400000095367432
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.14%
34.7th percentile

Affected Products

VendorProductVersions
ciscoios_xe3.2.1sg, 3.2.2sg, 3.2.3sg
ciscoios*, 15.2\(3\)e4, 15.2\(3\)e5
CiscoCisco IOS and IOS XE Software3.2.1SG, 3.2.5SG, 3.2.6SG

Exploit Intelligence

Timeline

  • Mar 27, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›