CVE-2019-1739

CVE Database · CVE-2019-1739

CVE-2019-1739

· HIGHModified

CVSS v3.1

7.5

EPSS

2.52%

Published

Mar 27, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (164)

cisco · iosvulnerable

cisco · ios

References (4)

http://www.securityfocus.com/bid/107597

Broken LinkThird Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar

PatchVendor Advisory

http://www.securityfocus.com/bid/107597

Broken LinkThird Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs