CVE-2019-1840 - OpenCVE

Vendors	Products
Cisco	Prime Network Registrar

Link	Providers
http://www.securityfocus.com/bid/108033
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-pnr-dos

{"containers": {"cna": {"affected": [{"product": "Cisco Prime Network Registrar", "vendor": "Cisco", "versions": [{"lessThan": "8.3(7)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "9.1(2)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-04-17T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-665", "description": "CWE-665", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-23T09:06:05", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190417 Cisco Prime Network Registrar Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-pnr-dos"}, {"name": "108033", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108033"}], "source": {"advisory": "cisco-sa-20190417-pnr-dos", "defect": [["CSCvn20662"]], "discovery": "INTERNAL"}, "title": "Cisco Prime Network Registrar Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-04-17T16:00:00-0700", "ID": "CVE-2019-1840", "STATE": "PUBLIC", "TITLE": "Cisco Prime Network Registrar Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Prime Network Registrar", "version": {"version_data": [{"version_affected": "<", "version_value": "8.3(7)"}, {"version_affected": "<", "version_value": "9.1(2)"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "8.6", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-665"}]}]}, "references": {"reference_data": [{"name": "20190417 Cisco Prime Network Registrar Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-pnr-dos"}, {"name": "108033", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108033"}]}, "source": {"advisory": "cisco-sa-20190417-pnr-dos", "defect": [["CSCvn20662"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:28:42.868Z"}, "title": "CVE Program Container", "references": [{"name": "20190417 Cisco Prime Network Registrar Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-pnr-dos"}, {"name": "108033", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108033"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1840", "datePublished": "2019-04-18T01:25:14.617540Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-17T03:23:58.671Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9822E11-767C-4D1E-90A9-F3D5B0E79A05", "versionEndExcluding": "8.3.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "C395D9E4-E1DA-405F-9E87-D547445A5E98", "versionEndExcluding": "9.1.2", "versionStartIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected."}, {"lang": "es", "value": "Una vulnerabilidad en el procesador de paquetes de entrada DHCPv6 de Prime Network Registrar de Cisco, podr\u00eda permitir que un atacante remoto no autenticado reinicie el servidor y cause una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el sistema afectado. La vulnerabilidad es debido a una validaci\u00f3n de entrada incompleta proporcionada por el usuario cuando una extensi\u00f3n personalizada intenta cambiar un paquete DHCPv6 recibido por la aplicaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad al enviar paquetes DHCPv6 malformados a la aplicaci\u00f3n. Una explotaci\u00f3n podr\u00eda permitir que el atacante inicie un reinicio del servicio que, si se explota repetidamente, podr\u00eda llevar a una condici\u00f3n DoS. Esta vulnerabilidad solo puede ser explotada si el administrador del servidor ha instalado previamente extensiones personalizadas que intentan modificar los detalles del paquete antes de que el paquete haya sido procesado. Nota: Aunque la puntuaci\u00f3n CVSS coincide con un SIR alto, se ha reducido a Medio porque esta condici\u00f3n s\u00f3lo afectar\u00e1 a una aplicaci\u00f3n que tenga extensiones desarrolladas por el cliente que intentar\u00e1n modificar los par\u00e1metros del paquete antes de que el paquete haya sido completamente saneado. Si la modificaci\u00f3n del paquete en una extensi\u00f3n personalizada ocurre despu\u00e9s de que el paquete haya sido saneado, la aplicaci\u00f3n no se ver\u00e1 afectada por esta vulnerabilidad. Las versiones de software anteriores a 8.3 (7) y 9.1 (2) est\u00e1n afectadas."}], "id": "CVE-2019-1840", "lastModified": "2019-10-09T23:48:18.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2019-04-18T02:29:06.060", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108033"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-pnr-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-665"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object