Cisco Small Business 300 Series Managed Switches DHCP Denial of Service Vulnerability
CVE-2019-1814

6.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Small Business 300 Series Managed Switches
Vendor: CVE Published:; 16 May 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.

Affected Version(s)

Cisco Small Business 300 Series Managed Switches 1.4.0.88

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/108344

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
May 16, 2019
Vulnerability Reserved
Dec 6, 2018