Adding Cisco CVE-2019-1814

2025-08-04 08:44:25 +00:00 · 2019-05-15 23:41:55 +00:00 · 2019-05-15 23:41:55 +00:00 · 7e762ddacd
commit 7e762ddacd
parent 38c9e3b5b7
1 changed files with 72 additions and 4 deletions
--- a/2019/1xxx/CVE-2019-1814.json
+++ b/2019/1xxx/CVE-2019-1814.json
@ -1,8 +1,33 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
        "ID": "CVE-2019-1814",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Small Business 300 Series Managed Switches ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "1.4.0.88"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +36,51 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device.  The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received.  An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device. "
            }
        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "6.8",
+            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-400"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20190515 Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb300sms-dhcp"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-20190515-sb300sms-dhcp",
+        "defect": [
+            [
+                "CSCvn17215"
+            ]
+        ],
+        "discovery": "INTERNAL"
    }
-}
+}