CVE-2019-1746

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.

Una vulnerabilidad en el código de procesamiento CMP (Cluster Management Protocol) del software Cisco IOS y Cisco IOS XE podría permitir que un atacante adyacente no autenticado desencadene una denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a una validación de entrada insuficiente al procesar paquetes de gestión CMP. Un atacante podría explotar esta vulnerabilidad enviando paquetes de gestión CMP maliciosos a un dispositivo afectado. Si se explota con éxito, podría permitir que el switch se reinicie, provocando una denegación de servicio (DoS). El switch se recargará automáticamente.