Vulnerabilities > CVE-2019-1869 - Access of Uninitialized Pointer vulnerability in Cisco Staros

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
cisco
CWE-824
nessus
NVD
Published: 2019-06-20
Updated: 2019-10-09

Summary

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability.

Vulnerable Configurations

Part Description Count
OS
Cisco
19
Hardware
Cisco
3

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-20190619-STAROS-ASR-DOS.NASL
descriptionAccording to its self-reported version, Cisco ASR 5000 Series Software is affected by a denial-of-service vulnerability. An unauthenticated, remote attacker can exploit this, via a series of specially crafted packets, to prevent the interface from receiving traffic. Please see the included Cisco BIDs and Cisco Security Advisory for more information.
last seen2020-06-01
modified2020-06-02
plugin id126340
published2019-06-28
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126340
titleCisco StarOS Denial of Service Vulnerability

References