Strix
26.1K

CVE-2019-1806

HIGHCVSS 7.7/10EPSS 2.08%

Last modified

CVE-2019-1806 is a high-severity vulnerability rated 7.7/10 on the CVSS scale. A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. EPSS estimates a 2.08% chance of exploitation in the next 30 days.

Description

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability.

Metrics

CVSS 3.1
7.7/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS Probability
2.08%

79.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoSf200-24 Firmware< 1.4.10.6
CiscoSf200-24p Firmware< 1.4.10.6
CiscoSf200-48 Firmware< 1.4.10.6
CiscoSf200-48p Firmware< 1.4.10.6
CiscoSg200-18 Firmware< 1.4.10.6
CiscoSg200-26 Firmware< 1.4.10.6
CiscoSg200-26p Firmware< 1.4.10.6
CiscoSg200-50 Firmware< 1.4.10.6
CiscoSg200-50p Firmware< 1.4.10.6
CiscoSg300-10 Firmware< 1.4.10.6
CiscoSg300-10mp Firmware< 1.4.10.6
CiscoSg300-10mpp Firmware< 1.4.10.6
CiscoSg300-10sfp Firmware< 1.4.10.6
CiscoSg300-10p Firmware< 1.4.10.6
CiscoSg300-10pp Firmware< 1.4.10.6
CiscoSg300-20 Firmware< 1.4.10.6
CiscoSg300-28 Firmware< 1.4.10.6
CiscoSg300-28p Firmware< 1.4.10.6
CiscoSg300-28pp Firmware< 1.4.10.6
CiscoSg300-28mp Firmware< 1.4.10.6
CiscoSg300-28sfp Firmware< 1.4.10.6
CiscoSg300-52 Firmware< 1.4.10.6
CiscoSg300-52p Firmware< 1.4.10.6
CiscoSg300-52mp Firmware< 1.4.10.6
CiscoSf300-08 Firmware< 1.4.10.6
CiscoSf302-08 Firmware< 1.4.10.6
CiscoSf302-08mp Firmware< 1.4.10.6
CiscoSf302-08p Firmware< 1.4.10.6
CiscoSf302-08pp Firmware< 1.4.10.6
CiscoSf302-08mpp Firmware< 1.4.10.6
CiscoSf300-24 Firmware< 1.4.10.6
CiscoSf300-24p Firmware< 1.4.10.6
CiscoSf300-24mp Firmware< 1.4.10.6
CiscoSf300-24pp Firmware< 1.4.10.6
CiscoSf300-48 Firmware< 1.4.10.6
CiscoSf300-48p Firmware< 1.4.10.6
CiscoSf300-48pp Firmware< 1.4.10.6
CiscoSf500-24 Firmware< 1.4.10.6
CiscoSf500-24p Firmware< 1.4.10.6
CiscoSf500-24mp Firmware< 1.4.10.6
CiscoSf500-48 Firmware< 1.4.10.6
CiscoSf500-48p Firmware< 1.4.10.6
CiscoSf500-48mp Firmware< 1.4.10.6
CiscoSg500-28 Firmware< 1.4.10.6
CiscoSg500-28p Firmware< 1.4.10.6
CiscoSg500-28mpp Firmware< 1.4.10.6
CiscoSg500-52 Firmware< 1.4.10.6
CiscoSg500-52p Firmware< 1.4.10.6
CiscoSg500-52mp Firmware< 1.4.10.6
CiscoSg500x-24 Firmware< 1.4.10.6

Showing 50 of 105 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-1806?
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability.
How severe is CVE-2019-1806?
CVE-2019-1806 has a CVSS score of 7.7/10 (HIGH severity). The EPSS model estimates a 2.08% probability of exploitation in the next 30 days.
How do I fix CVE-2019-1806?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1806?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST