CVE-2019-1965

A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection.

CVSS v3.0 7.7 HIGH
CVSS v2.0 4.0 MEDIUM

7.7^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:mds_9216:-:::::::*
	cpe:2.3:h:cisco:mds_9216i:-:::::::*
	cpe:2.3:h:cisco:mds_9513:-:::::::*
	cpe:2.3:h:cisco:mds_9710:-:::::::*
	cpe:2.3:h:cisco:mds_9132t:-:::::::*
	cpe:2.3:h:cisco:mds_9148s:-:::::::*
	cpe:2.3:h:cisco:mds_9148t:-:::::::*
	cpe:2.3:h:cisco:mds_9250i:-:::::::*
	cpe:2.3:h:cisco:mds_9396s:-:::::::*
	cpe:2.3:h:cisco:mds_9396t:-:::::::*
	cpe:2.3:h:cisco:mds_9506:-:::::::*
	cpe:2.3:h:cisco:mds_9222i:-:::::::*
	cpe:2.3:h:cisco:mds_9718:-:::::::*
	cpe:2.3:h:cisco:mds_9706:-:::::::*
	cpe:2.3:h:cisco:mds_9509:-:::::::*
	cpe:2.3:h:cisco:mds_9216a:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:n9k-c9508-fm-r:-:::::::*
	cpe:2.3:h:cisco:n9k-x9636c-r:-:::::::*
	cpe:2.3:h:cisco:x96136yc-r:-:::::::*
	cpe:2.3:h:cisco:x9636c-rx:-:::::::*
	cpe:2.3:h:cisco:n9k-x9636c-rx:-:::::::*
	cpe:2.3:h:cisco:n9k-x9636q-r:-:::::::*
	cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::*
	cpe:2.3:h:cisco:nexus_3636c-r:-:::::::*
	cpe:2.3:h:cisco:n9k-c9504-fm-r:-:::::::*
	cpe:2.3:h:cisco:n9k-x96136yc-r:-:::::::*
	cpe:2.3:h:cisco:x9636c-r:-:::::::*
	cpe:2.3:h:cisco:x9636q-r:-:::::::*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:nexus_5010:-:::::::*
	cpe:2.3:h:cisco:nexus_5548p:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up:-:::::::*
	cpe:2.3:h:cisco:nexus_5696q:-:::::::*
	cpe:2.3:h:cisco:nexus_6001:-:::::::*
	cpe:2.3:h:cisco:nexus_6004:-:::::::*
	cpe:2.3:h:cisco:nexus_5596t:-:::::::*
	cpe:2.3:h:cisco:nexus_5596up:-:::::::*
	cpe:2.3:h:cisco:nexus_56128p:-:::::::*
	cpe:2.3:h:cisco:nexus_5624q:-:::::::*
	cpe:2.3:h:cisco:nexus_5020:-:::::::*
	cpe:2.3:h:cisco:nexus_5548up:-:::::::*
	cpe:2.3:h:cisco:nexus_5648q:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up-16g:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:7700_10-slot:-:::::::*
	cpe:2.3:h:cisco:7700_2-slot:-:::::::*
	cpe:2.3:h:cisco:n77-m324fq-25l:-:::::::*
	cpe:2.3:h:cisco:n7k-f248xp-25e:-:::::::*
	cpe:2.3:h:cisco:n7k-m224xp-23l:-:::::::*
	cpe:2.3:h:cisco:n7k-m348xp-25l:-:::::::*
	cpe:2.3:h:cisco:n77-f312ck-26:-:::::::*
	cpe:2.3:h:cisco:n77-f324fq-25:-:::::::*
	cpe:2.3:h:cisco:n77-f348xp-23:-:::::::*
	cpe:2.3:h:cisco:n77-f430cq-36:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_supervisor_2:-:::::::*
	cpe:2.3:h:cisco:n7k-m206fq-23l:-:::::::*
	cpe:2.3:h:cisco:n7k-m202cf-22l:-:::::::*
	cpe:2.3:h:cisco:n7k-m324fq-25l:-:::::::*
	cpe:2.3:h:cisco:n77-m348xp-23l:-:::::::*
	cpe:2.3:h:cisco:n77-m312cq-26l:-:::::::*
	cpe:2.3:h:cisco:n7k-f312fq-25:-:::::::*
	cpe:2.3:h:cisco:n7k-f306ck-25:-:::::::*
	cpe:2.3:h:cisco:7000_4-slot:-:::::::*
	cpe:2.3:h:cisco:7000_9-slot:-:::::::*
	cpe:2.3:h:cisco:7000_10-slot:-:::::::*
	cpe:2.3:h:cisco:7000_18-slot:-:::::::*
	cpe:2.3:h:cisco:7700_6-slot:-:::::::*
	cpe:2.3:h:cisco:7700_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7700_supervisor_3e:-:::::::*
	cpe:2.3:h:cisco:nexus_7700_supervisor_2e:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_supervisor_2e:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_supervisor_1:-:::::::*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:n9k-c93180yc-fx:-:::::::*
	cpe:2.3:h:cisco:n9k-x9736c-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:n9k-c92160yc-x:-:::::::*
	cpe:2.3:h:cisco:n9k-c9236c:-:::::::*
	cpe:2.3:h:cisco:n9k-c9272q:-:::::::*
	cpe:2.3:h:cisco:n9k-c93180lc-ex:-:::::::*
	cpe:2.3:h:cisco:n9k-c93180yc-ex:-:::::::*
	cpe:2.3:h:cisco:n9k-x9732c-ex:-:::::::*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:nexus_3524-x\/xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-x\/xl:-:::::::*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:ucs_6332:-:::::::*
	cpe:2.3:h:cisco:ucs_6324:-:::::::*
	cpe:2.3:h:cisco:ucs-6296up:-:::::::*
	cpe:2.3:h:cisco:ucs_6332-16up:-:::::::*
	cpe:2.3:h:cisco:ucs_6248up:-:::::::*

Information

Published : 2019-08-28 12:15

Updated : 2020-10-16 07:05

NVD link : CVE-2019-1965

Mitre link : CVE-2019-1965

JSON object : View

CWE

CWE-772

Missing Release of Resource after Effective Lifetime

Products Affected

cisco

n9k-c92160yc-x
ucs_6324
n7k-f306ck-25
x9636c-r
n7k-m324fq-25l
nexus_7700_supervisor_3e
nexus_7000_supervisor_2e
n9k-c9508-fm-r
mds_9396t
x9636c-rx
n9k-c93180lc-ex
nexus_3548-x\/xl
ucs-6296up
n77-f324fq-25
nexus_5648q
7700_10-slot
n7k-m348xp-25l
7000_18-slot
x96136yc-r
mds_9506
n77-m324fq-25l
ucs_6332-16up
n9k-c9236c
nexus_5596up
7000_9-slot
n9k-x9636c-r
x9636q-r
mds_9513
nexus_5020
nx-os
n9k-c9504-fm-r
nexus_5696q
nexus_56128p
n7k-m224xp-23l
nexus_3524-x\/xl
mds_9148s
n9k-x9636q-r
nexus_36180yc-r
nexus_5010
nexus_5624q
n7k-m206fq-23l
n77-f348xp-23
nexus_6004
mds_9222i
n77-f430cq-36
mds_9132t
n7k-f312fq-25
7700_6-slot
n9k-x9736c-fx
nexus_5672up
nexus_7000_supervisor_2
mds_9396s
mds_9216
mds_9718
nexus_7700_supervisor_2e
7700_18-slot
n9k-c93180yc-fx
7000_4-slot
n7k-m202cf-22l
mds_9509
ucs_6248up
n77-m348xp-23l
nexus_5548up
7000_10-slot
mds_9706
nexus_3636c-r
mds_9710
mds_9250i
mds_9216i
n9k-x9732c-ex
nexus_7000_supervisor_1
mds_9148t
n7k-f248xp-25e
ucs_6332
nexus_6001
nexus_5596t
nexus_5672up-16g
7700_2-slot
n9k-x9636c-rx
n9k-c9272q
n77-m312cq-26l
n9k-c93180yc-ex
n9k-x96136yc-r
nexus_3048
n77-f312ck-26
nexus_5548p
mds_9216a

7.7 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-1965

7.7^/10

4.0^/10

Attach tags to `CVE-2019-1965`