CVE-2019-1968: Cisco NX-OS Software NX-API Denial of Service Vulnerability
First published: Thu Aug 29 2019(Updated: )
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco NX-OS | =7.3 | |
| Cisco NX-OS | =8.1 | |
| Cisco NX-OS | =8.2 | |
| Cisco NX-OS | =8.3 | |
| Cisco MDS 9000 Series Multilayer Switches | ||
| Cisco MDS 9100 | ||
| Cisco MDS 9140 | ||
| Cisco MDS 9200 | ||
| Cisco MDS 9500 | ||
| Cisco MDS 9700 | ||
| Cisco NX-OS | =6.1\(2\)i2 | |
| Cisco NX-OS | =6.1\(2\)i3 | |
| Cisco NX-OS | =7.0\(3\)i4 | |
| Cisco NX-OS | =7.0\(3\)i7 | |
| Cisco NX-OS | =9.2 | |
| Cisco Nexus 3016Q Firmware | ||
| Cisco Nexus 3048 Firmware | ||
| Cisco Nexus 3064 Firmware | ||
| Cisco Nexus 3064 | ||
| Cisco Nexus 31108PC-V Firmware | ||
| Cisco Nexus 31108TC-V Firmware | ||
| Cisco Nexus 31128PQ | ||
| Cisco Nexus 3132C-Z Firmware | ||
| Cisco Nexus 3132Q-XL | ||
| Cisco Nexus 3132Q-V Firmware | ||
| Cisco Nexus 3132Q-XL Firmware | ||
| Cisco Nexus 3164Q Firmware | ||
| Cisco Nexus 3172 Firmware | ||
| Cisco Nexus 3172PQ-XL Firmware | ||
| Cisco Nexus 3172TQ Firmware | ||
| Cisco Nexus 3172TQ-XL | ||
| Cisco Nexus 3172TQ-XL Firmware | ||
| Cisco Nexus 3232C | ||
| Cisco Nexus 3264C-E Firmware | ||
| Cisco Nexus 3264Q Firmware | ||
| Cisco Nexus 3408-S Firmware | ||
| Cisco Nexus 34180YC Firmware | ||
| Cisco Nexus 3432D-S Firmware | ||
| Cisco Nexus 3464C Firmware | ||
| Cisco NX-OS Nexus 9000 Series | ||
| Cisco Nexus 92160YC Switch | ||
| Cisco Nexus 92300YC Firmware | ||
| Cisco Nexus 92304QC Switch | ||
| Cisco Nexus 92348GC-X Switch | ||
| Cisco Nexus 9236C Switch | ||
| Cisco Nexus 9272Q Switch | ||
| Cisco Nexus | ||
| Cisco Nexus 93108TC-FX Switch | ||
| Cisco Nexus 93120TX Firmware | ||
| Cisco Nexus 93128 Firmware | ||
| Cisco Nexus 93180LC-EX Switch | ||
| Cisco Nexus 93180YC-EX-24 | ||
| Cisco Nexus 93180YC-FX Firmware | ||
| Cisco Nexus 93216TC-FX2 Firmware | ||
| Cisco Nexus 93240YC-FX2 Firmware | ||
| Cisco Nexus 9332C Firmware | ||
| Cisco Nexus 9332PQ Firmware | ||
| Cisco Nexus 93360YC-FX2 | ||
| Cisco Nexus 9336C-FX2 Firmware | ||
| Cisco Nexus N9336PQ-X | ||
| Cisco Nexus 9348GC-FXP Firmware | ||
| Cisco Nexus 9364c-h1 | ||
| Cisco Nexus 9372PX-E | ||
| Cisco Nexus 9372PX-E Firmware | ||
| Cisco Nexus 9372TX | ||
| Cisco Nexus 9372TX-E Switch | ||
| Cisco Nexus 9396PX Firmware | ||
| Cisco Nexus 9396TX Firmware | ||
| Cisco NX-OS | =6.0\(2\)a8 | |
| Cisco Nexus 3524-xl | ||
| Cisco Nexus 3524-xl | ||
| Cisco Nexus 3524-XL Firmware | ||
| Cisco Nexus 3548-X/XL Firmware | ||
| Cisco Nexus 3548-X/XL | ||
| Cisco Nexus 3548-X/XL | ||
| Cisco NX-OS | =7.0\(3\)f | |
| Cisco Nexus 36180YC-R Firmware | ||
| Cisco Nexus 3636C-R Firmware | ||
| Cisco Nexus 9504 firmware | ||
| Cisco Nexus 9508 | ||
| Cisco Nexus 9516 firmware | ||
| Cisco NX-OS | =7.1 | |
| Cisco NX-OS | =7.2 | |
| Cisco Nexus 5548P Firmware | ||
| Cisco Nexus 5548UP Firmware | ||
| Cisco Nexus 5596T Firmware | ||
| Cisco Nexus 5596UP Firmware | ||
| Cisco 56128p | ||
| Cisco Nexus 5624Q Firmware | ||
| Cisco Nexus 5648Q Firmware | ||
| Cisco Nexus 5672UP-16G | ||
| Cisco Nexus 5696Q Firmware | ||
| Cisco Nexus 6001 Firmware | ||
| Cisco Nexus 6004 Firmware | ||
| Cisco NX-OS | =8.0 | |
| Cisco Nexus 7000 | ||
| Cisco Nexus 7000 | ||
| Cisco Nexus 7000 | ||
| Cisco Nexus 7000 | ||
| Cisco Nexus 7000 9-Slot Firmware | ||
| Cisco Nexus 7700 series | ||
| Cisco Nexus 7700 series | ||
| Cisco Nexus 7700 series | ||
| Cisco Nexus 7700 series | ||
| Cisco Nexus 7700 6-slot |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-1968?
CVE-2019-1968 has been rated as High severity due to its potential for unauthenticated remote system process restarts.
How do I fix CVE-2019-1968?
To fix CVE-2019-1968, upgrade your Cisco NX-OS Software to a version that addresses this vulnerability.
Who is affected by CVE-2019-1968?
Cisco NX-OS versions 6.1, 7.0, 7.1, 7.2, 7.3, 8.0, 8.1, 8.2, and 8.3 are vulnerable to CVE-2019-1968.
What vulnerabilities are associated with CVE-2019-1968?
CVE-2019-1968 is primarily a denial-of-service vulnerability leading to unexpected restarts of NX-API processes.
Can CVE-2019-1968 be exploited without authentication?
Yes, CVE-2019-1968 can be exploited by an unauthenticated remote attacker.
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/7.3
- version/cisco nx-os/8.1
- version/cisco nx-os/8.2
- version/cisco nx-os/8.3
- canonical/cisco mds 9000 series multilayer switches
- canonical/cisco mds 9100
- canonical/cisco mds 9140
- canonical/cisco mds 9200
- canonical/cisco mds 9500
- canonical/cisco mds 9700
- version/cisco nx-os/6.1\(2\)i2
- version/cisco nx-os/6.1\(2\)i3
- version/cisco nx-os/7.0\(3\)i4
- version/cisco nx-os/7.0\(3\)i7
- version/cisco nx-os/9.2
- canonical/cisco nexus 3016q firmware
- canonical/cisco nexus 3048 firmware
- canonical/cisco nexus 3064 firmware
- canonical/cisco nexus 3064
- canonical/cisco nexus 31108pc-v firmware
- canonical/cisco nexus 31108tc-v firmware
- canonical/cisco nexus 31128pq
- canonical/cisco nexus 3132c-z firmware
- canonical/cisco nexus 3132q-xl
- canonical/cisco nexus 3132q-v firmware
- canonical/cisco nexus 3132q-xl firmware
- canonical/cisco nexus 3164q firmware
- canonical/cisco nexus 3172 firmware
- canonical/cisco nexus 3172pq-xl firmware
- canonical/cisco nexus 3172tq firmware
- canonical/cisco nexus 3172tq-xl
- canonical/cisco nexus 3172tq-xl firmware
- canonical/cisco nexus 3232c
- canonical/cisco nexus 3264c-e firmware
- canonical/cisco nexus 3264q firmware
- canonical/cisco nexus 3408-s firmware
- canonical/cisco nexus 34180yc firmware
- canonical/cisco nexus 3432d-s firmware
- canonical/cisco nexus 3464c firmware
- canonical/cisco nx-os nexus 9000 series
- canonical/cisco nexus 92160yc switch
- canonical/cisco nexus 92300yc firmware
- canonical/cisco nexus 92304qc switch
- canonical/cisco nexus 92348gc-x switch
- canonical/cisco nexus 9236c switch
- canonical/cisco nexus 9272q switch
- canonical/cisco nexus
- canonical/cisco nexus 93108tc-fx switch
- canonical/cisco nexus 93120tx firmware
- canonical/cisco nexus 93128 firmware
- canonical/cisco nexus 93180lc-ex switch
- canonical/cisco nexus 93180yc-ex-24
- canonical/cisco nexus 93180yc-fx firmware
- canonical/cisco nexus 93216tc-fx2 firmware
- canonical/cisco nexus 93240yc-fx2 firmware
- canonical/cisco nexus 9332c firmware
- canonical/cisco nexus 9332pq firmware
- canonical/cisco nexus 93360yc-fx2
- canonical/cisco nexus 9336c-fx2 firmware
- canonical/cisco nexus n9336pq-x
- canonical/cisco nexus 9348gc-fxp firmware
- canonical/cisco nexus 9364c-h1
- canonical/cisco nexus 9372px-e
- canonical/cisco nexus 9372px-e firmware
- canonical/cisco nexus 9372tx
- canonical/cisco nexus 9372tx-e switch
- canonical/cisco nexus 9396px firmware
- canonical/cisco nexus 9396tx firmware
- version/cisco nx-os/6.0\(2\)a8
- canonical/cisco nexus 3524-xl
- canonical/cisco nexus 3524-xl firmware
- canonical/cisco nexus 3548-x/xl firmware
- canonical/cisco nexus 3548-x/xl
- version/cisco nx-os/7.0\(3\)f
- canonical/cisco nexus 36180yc-r firmware
- canonical/cisco nexus 3636c-r firmware
- canonical/cisco nexus 9504 firmware
- canonical/cisco nexus 9508
- canonical/cisco nexus 9516 firmware
- version/cisco nx-os/7.1
- version/cisco nx-os/7.2
- canonical/cisco nexus 5548p firmware
- canonical/cisco nexus 5548up firmware
- canonical/cisco nexus 5596t firmware
- canonical/cisco nexus 5596up firmware
- canonical/cisco 56128p
- canonical/cisco nexus 5624q firmware
- canonical/cisco nexus 5648q firmware
- canonical/cisco nexus 5672up-16g
- canonical/cisco nexus 5696q firmware
- canonical/cisco nexus 6001 firmware
- canonical/cisco nexus 6004 firmware
- version/cisco nx-os/8.0
- canonical/cisco nexus 7000
- canonical/cisco nexus 7000 9-slot firmware
- canonical/cisco nexus 7700 series
- canonical/cisco nexus 7700 6-slot