Vulnerabilities > CVE-2019-1869 - Access of Uninitialized Pointer vulnerability in Cisco Staros

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
CWE-824
nessus

Summary

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability.

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-20190619-STAROS-ASR-DOS.NASL
descriptionAccording to its self-reported version, Cisco ASR 5000 Series Software is affected by a denial-of-service vulnerability. An unauthenticated, remote attacker can exploit this, via a series of specially crafted packets, to prevent the interface from receiving traffic. Please see the included Cisco BIDs and Cisco Security Advisory for more information.
last seen2020-06-01
modified2020-06-02
plugin id126340
published2019-06-28
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126340
titleCisco StarOS Denial of Service Vulnerability