Rewterz Threat Alert – QNAPCrypt Ransomware Campaigns
September 27, 2019Rewterz Threat Advisory – CVE-2019-1955 – Cisco Email Security Appliance Header Injection Vulnerability
September 27, 2019Rewterz Threat Alert – QNAPCrypt Ransomware Campaigns
September 27, 2019Rewterz Threat Advisory – CVE-2019-1955 – Cisco Email Security Appliance Header Injection Vulnerability
September 27, 2019Severity
High
Analysis Summary
The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges.
Impact
- DoS
- Privilege access
Affected Vendors
Cisco
Remediation
Please see vendor’s advisory for the list of affected products and more details
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo