high
8.6
CWE
665 20
Advisory Published
Updated

CVE-2019-1840: Cisco Prime Network Registrar Denial of Service Vulnerability

First published: Thu Apr 18 2019(Updated: )

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Prime Network Registrar Major<8.3.7
Cisco Prime Network Registrar Major>=9.0<9.1.2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-1840?

    CVE-2019-1840 is classified as a medium severity vulnerability due to its potential to cause a denial of service.

  • How do I fix CVE-2019-1840?

    To fix CVE-2019-1840, upgrade Cisco Prime Network Registrar to versions 9.1.2 or later, or to the latest available patch.

  • What systems are affected by CVE-2019-1840?

    CVE-2019-1840 affects Cisco Prime Network Registrar versions up to 8.3.7 and versions between 9.0 and 9.1.2.

  • What type of attack can be executed using CVE-2019-1840?

    An attacker can exploit CVE-2019-1840 to perform a denial of service attack by causing the server to restart.

  • Is authentication required to exploit CVE-2019-1840?

    No, CVE-2019-1840 can be exploited by an unauthenticated remote attacker.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203