CVE-2019-1968

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.

Published: Aug 30, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-1968
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-116

Affected Software
References

Software	From	Fixed in
cisco / nx-os	7.3	7.3.x
cisco / nx-os	8.1	8.1.x
cisco / nx-os	8.2	8.2.x
cisco / nx-os	8.3	8.3.x
cisco / nx-os	6.1(2)i2	6.1(2)i2.x
cisco / nx-os	6.1(2)i3	6.1(2)i3.x
cisco / nx-os	7.0(3)i4	7.0(3)i4.x
cisco / nx-os	7.0(3)i7	7.0(3)i7.x
cisco / nx-os	9.2	9.2.x
cisco / nx-os	6.0(2)a8	6.0(2)a8.x
cisco / nx-os	7.0(3)f	7.0(3)f.x
cisco / nx-os	7.1	7.1.x
cisco / nx-os	7.2	7.2.x
cisco / nx-os	8.0	8.0.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos

Vulnerability Database

289,599

CVE-2019-1968