Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
Cisco Security Advisory
Emergency Support:
+1 877 228 7302 (toll-free within North America)
+1 408 525 6532 (International direct-dial)
Non-emergency Support:
Email: psirt@cisco.com
Support requests that are received via e-mail are typically acknowledged within 48 hours.
Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.
More information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html
Advisory ID: cisco-sa-20190327-cmp-dos
Status: Final
Version: 1.0
Revision 1.0 (2019-03-27T15:12:33): Initial public release.
Initial release date: 2019-03-27T16:00:00
Current release date: 2019-03-27T16:00:00
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.
The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos
This advisory is part of the March 27, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 17 Cisco Security Advisories that describe 19 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-71135"].
This vulnerability affects Cisco Catalyst Switches that are running a vulnerable release of Cisco IOS or IOS XE Software when the switch meets all the following conditions:
CMP is enabled. On some platforms, CMP is enabled by default.
The switch is configured to be part of a cluster domain.
The switch has a role of command switch or member switch.
For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
Determining Whether the Switch Has a Vulnerable Configuration
There are two methods for determining whether the switch has a vulnerable configuration.
Option 1: Using the show cluster | include cluster Command
To determine the status of CMP on a device and verify that it is configured to be part of a cluster domain, use the show cluster | include cluster privileged EXEC command on the device. The following example shows the output of the show cluster | include cluster command on a Cisco Catalyst Switch that has CMP enabled and that is also part of a cluster domain.
SWITCH#show cluster | include cluster
<ROLE> for cluster <CLUSTER_NAME>
If this command does not exist, or if it produces any other output, the device is not affected by the vulnerability described in this advisory.
Option 2: Using the show running-config [all] Command
To determine whether a device is configured with CMP enabled, use the show running-config all | include cluster run privileged EXEC command on the device. The following example shows the output of the show running-config all | include cluster run command on a switch that has CMP enabled:
SWITCH#show running-config all | include cluster run
cluster run
To determine whether a device has been configured to be part of a cluster domain either as a command switch or as a member switch, use the show running-config | include cluster commander|cluster member privileged EXEC command. On a switch that is not a part of a cluster domain, this command will result in empty output.
The following example shows the output of the show running-config | include cluster commander|cluster member command on a device that is configured to be part of a cluster domain with a role of command switch.
SWITCH#show running-config | include cluster commander|cluster member
cluster member <NUMBER> mac-address <MAC-ADDRESS>
The following example shows the output of the show running-config | include cluster commander|cluster member command on a device that is configured to be part of a cluster domain with a role of member switch.
SWITCH#show running-config | include cluster commander|cluster member
cluster commander-address <MAC-ADDRESS> <CLUSTER-INFORMATION>
When Option 2 is used to assess the device, it is affected by the vulnerability described in this advisory only if both the following conditions are true:
The output of the show running-config all | include cluster run command includes the following exact string:
cluster run
The show running-config | include cluster commander|cluster member command does not result in empty output.
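The Option 2 test can be run offline against saved configurations. The following is an added example, not Cisco code: it assumes each input is the text of show running-config all, and the function names, hostnames, and MAC addresses are constructed for illustration.

```python
import re

# Statement forms follow the advisory's Option 2 output examples. Each line is
# stripped and matched from its start, so "no cluster run" and free text such
# as an interface description do not count, although a plain substring match
# on "cluster run" or "cluster member" would accept them.
CLUSTER_RUN = re.compile(r"cluster run")
COMMAND_ROLE = re.compile(r"cluster member \d+ mac-address \S+")
MEMBER_ROLE = re.compile(r"cluster commander-address \S+")


def assess_cmp_exposure(config_text):
    """Apply the advisory's two Option 2 conditions to one saved config."""
    cmp_enabled = False
    roles = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if CLUSTER_RUN.fullmatch(line):
            cmp_enabled = True            # condition 1: exact "cluster run"
        elif COMMAND_ROLE.match(line):
            roles.add("command")          # command switch lists its members
        elif MEMBER_ROLE.match(line):
            roles.add("member")           # member switch names its commander
    return {
        "cmp_enabled": cmp_enabled,
        "roles": sorted(roles),
        # Both conditions must hold for the configuration to be vulnerable.
        "vulnerable_configuration": cmp_enabled and bool(roles),
    }


def vulnerable_hosts(configs):
    """Return the sorted names of devices whose configuration is vulnerable."""
    return sorted(
        name for name, text in configs.items()
        if assess_cmp_exposure(text)["vulnerable_configuration"]
    )


# Constructed sample configurations (not taken from real devices).
COMMAND_SWITCH = """\
hostname sw-cmd
cluster run
cluster member 1 mac-address 0000.5e00.5302
"""

MEMBER_SWITCH = """\
hostname sw-mem
cluster run
cluster commander-address 0000.5e00.5301 member 1 name lab vlan 1
"""

# CMP enabled but not in a cluster domain; the description is a decoy that a
# substring match on "cluster member" would wrongly accept.
CANDIDATE_SWITCH = """\
hostname sw-cand
cluster run
interface GigabitEthernet0/1
 description uplink to cluster member 2
"""

# CMP disabled: "no cluster run" contains the substring "cluster run".
DISABLED_SWITCH = """\
hostname sw-off
no cluster run
"""

SAMPLES = {
    "sw-cmd": COMMAND_SWITCH,
    "sw-mem": MEMBER_SWITCH,
    "sw-cand": CANDIDATE_SWITCH,
    "sw-off": DISABLED_SWITCH,
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, assess_cmp_exposure(text))
    print("vulnerable configuration:", vulnerable_hosts(SAMPLES))
```

A device flagged here still needs its software release checked against the Fixed Software section before it is treated as affected.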
Determining the Cisco IOS Software Release
To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.
The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 22-Jun-15 09:32 by prod_rel_team
.
.
.
For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide ["https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"].
Determining the Cisco IOS XE Software Release
To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.
The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:
ios-xe-device# show version
Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Sun 27-Mar-16 21:47 by mcpre
.
.
.
For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide ["https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"].
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.
CMP is a collection of underlying technologies that facilitate the management of a group of switches with use of a single IP address.
In each cluster, there is a master switch called the command switch, and the rest of the switches serve as member switches. The command switch provides the primary management interface for the entire cluster. Switches within a cluster domain use CMP to perform all signaling and configuration operations. CMP uses encapsulated Ethernet frames that contain a Subnetwork Access Protocol (SNAP) header with the Cisco Organizationally Unique Identifier (OUI) and CMP protocol identifier.
The vulnerability is due to insufficient input validation when processing CMP management packets. Due to the Layer 2 nature of CMP, only an attacker with access to the local network segment on which the targeted device resides could exploit the vulnerability described in this advisory. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.
Exploitation of this vulnerability could cause the affected switch to generate error messages similar to the following:
Mar 22 2019 10:18:29.180 EST: %DATACORRUPTION-CLUSTER_MEMBER_2-1-DATAINCONSISTENCY: copy error, -PC= 0x2A9E20z
-Traceback= 463F74z 486D64z 2B8F2D8z 2A9E20z 2A7C74z 2A7EE8z 297DD08z 297A088z
Mar 22 2019 10:18:33.385 EST: %SYS-CLUSTER_MEMBER_2-3-TIMERNEG: Cannot start timer (0x48D3988) with negative offset (-805296368). -Process= "Cluster Base", ipl= 0, pid= 281
-Traceback= 463F74z 1F22304z 2A17DCz 297DD08z 297A088z
Unexpected exception to CPU vector 1 (undefined instruction), PC = 2 -Traceback= 0x2z 0x31EC60z 0x1655CF4z
The values printed after the -Traceback= text are version dependent. Customers are advised to contact their support organization to review the error messages and determine whether the device has been compromised by exploitation of this vulnerability.
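Because the traceback values are version dependent, a log search for these messages should key on the facility, mnemonic, and process name rather than on addresses. The following is an added example, not Cisco code: the function names and labels are hypothetical, the CLUSTER_MEMBER_2 token is treated as an optional infix on the assumption that it can be absent or differ on other devices, and only the TIMERNEG line naming the "Cluster Base" process is labelled cluster-specific.

```python
import re

# %FACILITY[-INFIX]-SEVERITY-MNEMONIC: (the infix must start with a letter,
# so a severity digit is never mistaken for it)
MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)"
    r"(?:-(?P<infix>[A-Z][A-Z0-9_]*))?"
    r"-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
)
PROCESS = re.compile(r'-Process= "(?P<name>[^"]+)"')
CPU_EXCEPTION = re.compile(r"Unexpected exception to CPU vector \d+")


def classify(line):
    """Return a label for a line resembling the advisory's messages, else None."""
    if CPU_EXCEPTION.search(line):
        return "cpu-exception"
    m = MSG.search(line)
    if m is None:
        return None
    key = (m["facility"], m["mnemonic"])
    if key == ("DATACORRUPTION", "DATAINCONSISTENCY"):
        return "data-inconsistency"
    if key == ("SYS", "TIMERNEG"):
        proc = PROCESS.search(line)
        if proc and proc["name"] == "Cluster Base":
            return "timerneg-cluster-base"
        return "timerneg-other-process"
    return None


def scan(log_text):
    """Return (line_number, label) for every matching line; tracebacks are ignored."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        label = classify(line)
        if label:
            findings.append((number, label))
    return findings


def should_escalate(findings):
    """True when the cluster-specific indicator is present in the findings."""
    return any(label == "timerneg-cluster-base" for _, label in findings)


# Lines 2-6 are the messages quoted in the advisory; lines 1 and 7 are
# constructed to show a benign message and a TIMERNEG from another process.
SAMPLE_LOG = """\
Mar 22 2019 10:17:02.114 EST: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Mar 22 2019 10:18:29.180 EST: %DATACORRUPTION-CLUSTER_MEMBER_2-1-DATAINCONSISTENCY: copy error, -PC= 0x2A9E20z
-Traceback= 463F74z 486D64z 2B8F2D8z 2A9E20z 2A7C74z 2A7EE8z 297DD08z 297A088z
Mar 22 2019 10:18:33.385 EST: %SYS-CLUSTER_MEMBER_2-3-TIMERNEG: Cannot start timer (0x48D3988) with negative offset (-805296368). -Process= "Cluster Base", ipl= 0, pid= 281
-Traceback= 463F74z 1F22304z 2A17DCz 297DD08z 297A088z
Unexpected exception to CPU vector 1 (undefined instruction), PC = 2 -Traceback= 0x2z 0x31EC60z 0x1655CF4z
Mar 22 2019 11:02:10.007 EST: %SYS-3-TIMERNEG: Cannot start timer (0x1234) with negative offset (-1). -Process= "Example Process", ipl= 0, pid= 99
"""

if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for number, label in results:
        print(number, label)
    print("escalate to support:", should_escalate(results))
```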
There are no workarounds that address this vulnerability.
Disabling CMP would eliminate the exploit vector. Administrators can disable CMP by using the no cluster run command in global configuration mode. This action may be a suitable mitigation until switches that are affected by this vulnerability can be upgraded.
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Cisco IOS and IOS XE Software
To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"], that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).
Customers can use this tool to perform the following tasks:
Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
Enter the output of the show version command for the tool to parse
Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication
To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] on Cisco.com and enter a Cisco IOS or IOS XE Software release (for example, 15.1(4)M2 or 3.13.8S).
By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list.
For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032"], Cisco IOS XE 3S Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754"], or Cisco IOS XE 3SG Release Notes ["https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252"], depending on the Cisco IOS XE Software release.
Note: Starting with Cisco IOS XE Software Release 16.9.1, any upgrade will require Smart Licensing. Customers who plan to upgrade Cisco IOS XE to Release 16.9.1 or later are advised to consider the Smart Licensing requirement. The following documentation provides additional information: Smart Licensing ["https://www.cisco.com/c/en/us/products/software/smart-accounts/software-licensing.html#~stickynav=3"].
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
This vulnerability was found during the resolution of a Cisco TAC support case.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
Cisco IOS 12.1(9)EX
Cisco IOS 12.2(25)EW
Cisco IOS 12.2(20)EWA
Cisco IOS 12.2(25)EWA
Cisco IOS 12.2(25)EWA6
Cisco IOS 12.2(25)EWA5
Cisco IOS 12.2(25)EWA1
Cisco IOS 12.2(25)EWA10
Cisco IOS 12.2(25)EWA8
Cisco IOS 12.2(20)EWA1
Cisco IOS 12.2(25)EWA11
Cisco IOS 12.2(25)EWA9
Cisco IOS 12.2(25)EWA2
Cisco IOS 12.2(25)EWA14
Cisco IOS 12.2(25)EWA4
Cisco IOS 12.2(20)EWA3
Cisco IOS 12.2(25)EWA3
Cisco IOS 12.2(25)EWA7
Cisco IOS 12.2(20)EWA4
Cisco IOS 12.2(25)EWA12
Cisco IOS 12.2(25)EWA13
Cisco IOS 12.2(20)EWA2
Cisco IOS 12.2(35)SE
Cisco IOS 12.2(18)SE
Cisco IOS 12.2(20)SE
Cisco IOS 12.2(25)SE
Cisco IOS 12.2(37)SE
Cisco IOS 12.2(53)SE1
Cisco IOS 12.2(55)SE
Cisco IOS 12.2(25)SE2
Cisco IOS 12.2(40)SE2
Cisco IOS 12.2(46)SE
Cisco IOS 12.2(46)SE2
Cisco IOS 12.2(50)SE2
Cisco IOS 12.2(35)SE5
Cisco IOS 12.2(50)SE1
Cisco IOS 12.2(44)SE2
Cisco IOS 12.2(20)SE3
Cisco IOS 12.2(35)SE1
Cisco IOS 12.2(50)SE5
Cisco IOS 12.2(44)SE1
Cisco IOS 12.2(53)SE
Cisco IOS 12.2(37)SE1
Cisco IOS 12.2(25)SE3
Cisco IOS 12.2(35)SE3
Cisco IOS 12.2(44)SE4
Cisco IOS 12.2(55)SE3
Cisco IOS 12.2(55)SE2
Cisco IOS 12.2(40)SE
Cisco IOS 12.2(44)SE
Cisco IOS 12.2(52)SE
Cisco IOS 12.2(58)SE
Cisco IOS 12.2(50)SE3
Cisco IOS 12.2(55)SE1
Cisco IOS 12.2(35)SE2
Cisco IOS 12.2(18)SE1
Cisco IOS 12.2(40)SE1
Cisco IOS 12.2(20)SE1
Cisco IOS 12.2(44)SE6
Cisco IOS 12.2(44)SE3
Cisco IOS 12.2(53)SE2
Cisco IOS 12.2(52)SE1
Cisco IOS 12.2(46)SE1
Cisco IOS 12.2(20)SE2
Cisco IOS 12.2(54)SE
Cisco IOS 12.2(44)SE5
Cisco IOS 12.2(50)SE4
Cisco IOS 12.2(50)SE
Cisco IOS 12.2(20)SE4
Cisco IOS 12.2(58)SE1
Cisco IOS 12.2(55)SE4
Cisco IOS 12.2(58)SE2
Cisco IOS 12.2(55)SE5
Cisco IOS 12.2(55)SE6
Cisco IOS 12.2(55)SE7
Cisco IOS 12.2(55)SE8
Cisco IOS 12.2(55)SE9
Cisco IOS 12.2(55)SE10
Cisco IOS 12.2(55)SE11
Cisco IOS 12.2(55)SE12
Cisco IOS 12.2(55)SE13
Cisco IOS 12.1(14)AZ
Cisco IOS 12.2(20)EU
Cisco IOS 12.2(20)EU1
Cisco IOS 12.2(20)EU2
Cisco IOS 12.2(20)EX
Cisco IOS 12.2(44)EX
Cisco IOS 12.2(40)EX3
Cisco IOS 12.2(40)EX
Cisco IOS 12.2(52)EX
Cisco IOS 12.2(44)EX1
Cisco IOS 12.2(40)EX2
Cisco IOS 12.2(40)EX1
Cisco IOS 12.2(55)EX
Cisco IOS 12.2(46)EX
Cisco IOS 12.2(52)EX1
Cisco IOS 12.2(55)EX1
Cisco IOS 12.2(55)EX2
Cisco IOS 12.2(55)EX3
Cisco IOS 12.2(58)EX
Cisco IOS 12.2(25)SEB
Cisco IOS 12.2(25)SEB2
Cisco IOS 12.2(25)SEB1
Cisco IOS 12.2(25)SEB4
Cisco IOS 12.2(25)SEB3
Cisco IOS 12.2(25)SEA
Cisco IOS 12.2(25)EY
Cisco IOS 12.2(46)EY
Cisco IOS 12.2(55)EY
Cisco IOS 12.2(25)EY1
Cisco IOS 12.2(53)EY
Cisco IOS 12.2(25)EY3
Cisco IOS 12.2(37)EY
Cisco IOS 12.2(25)EY2
Cisco IOS 12.2(25)EY4
Cisco IOS 12.2(25)EZ
Cisco IOS 12.2(25)EZ1
Cisco IOS 12.2(58)EZ
Cisco IOS 12.2(53)EZ
Cisco IOS 12.2(55)EZ
Cisco IOS 12.2(60)EZ4
Cisco IOS 12.2(60)EZ5
Cisco IOS 12.2(60)EZ16
Cisco IOS 12.2(25)SEC
Cisco IOS 12.2(25)SEC2
Cisco IOS 12.2(25)SEC1
Cisco IOS 12.2(31)SG
Cisco IOS 12.2(25)SG
Cisco IOS 12.2(37)SG
Cisco IOS 12.2(44)SG
Cisco IOS 12.2(50)SG3
Cisco IOS 12.2(31)SG1
Cisco IOS 12.2(31)SG3
Cisco IOS 12.2(50)SG6
Cisco IOS 12.2(53)SG1
Cisco IOS 12.2(46)SG
Cisco IOS 12.2(25)SG1
Cisco IOS 12.2(53)SG2
Cisco IOS 12.2(50)SG5
Cisco IOS 12.2(37)SG1
Cisco IOS 12.2(53)SG3
Cisco IOS 12.2(50)SG8
Cisco IOS 12.2(25)SG3
Cisco IOS 12.2(50)SG2
Cisco IOS 12.2(40)SG
Cisco IOS 12.2(25)SG2
Cisco IOS 12.2(54)SG1
Cisco IOS 12.2(44)SG1
Cisco IOS 12.2(50)SG1
Cisco IOS 12.2(52)SG
Cisco IOS 12.2(54)SG
Cisco IOS 12.2(31)SG2
Cisco IOS 12.2(50)SG
Cisco IOS 12.2(25)SG4
Cisco IOS 12.2(50)SG7
Cisco IOS 12.2(53)SG4
Cisco IOS 12.2(50)SG4
Cisco IOS 12.2(46)SG1
Cisco IOS 12.2(53)SG5
Cisco IOS 12.2(53)SG6
Cisco IOS 12.2(53)SG7
Cisco IOS 12.2(53)SG8
Cisco IOS 12.2(53)SG9
Cisco IOS 12.2(53)SG10
Cisco IOS 12.2(53)SG11
Cisco IOS 12.2(25)FX
Cisco IOS 12.2(25)FY
Cisco IOS 12.2(25)SEF
Cisco IOS 12.2(25)SEF1
Cisco IOS 12.2(25)SEF2
Cisco IOS 12.2(25)SEF3
Cisco IOS 12.2(25)SEE
Cisco IOS 12.2(25)SEE1
Cisco IOS 12.2(25)SEE3
Cisco IOS 12.2(25)SEE4
Cisco IOS 12.2(25)SEE2
Cisco IOS 12.2(25)SED
Cisco IOS 12.2(25)SED1
Cisco IOS 12.2(31)SGA
Cisco IOS 12.2(31)SGA3
Cisco IOS 12.2(31)SGA2
Cisco IOS 12.2(31)SGA10
Cisco IOS 12.2(31)SGA5
Cisco IOS 12.2(31)SGA4
Cisco IOS 12.2(31)SGA11
Cisco IOS 12.2(31)SGA6
Cisco IOS 12.2(31)SGA1
Cisco IOS 12.2(31)SGA7
Cisco IOS 12.2(31)SGA8
Cisco IOS 12.2(31)SGA9
Cisco IOS 12.2(25)SEG
Cisco IOS 12.2(25)SEG1
Cisco IOS 12.2(25)SEG3
Cisco IOS 12.2(25)FZ
Cisco IOS 12.2(52)XO
Cisco IOS 12.2(54)XO
Cisco IOS 12.2(40)XO
Cisco IOS 12.2(44)SQ
Cisco IOS 12.2(44)SQ2
Cisco IOS 12.2(50)SQ2
Cisco IOS 12.2(50)SQ1
Cisco IOS 12.2(50)SQ
Cisco IOS 12.2(50)SQ3
Cisco IOS 12.2(50)SQ4
Cisco IOS 12.2(50)SQ5
Cisco IOS 12.2(50)SQ6
Cisco IOS 12.2(50)SQ7
Cisco IOS 15.0(1)XO1
Cisco IOS 15.0(1)XO
Cisco IOS 15.0(2)XO
Cisco IOS 15.0(1)EY
Cisco IOS 15.0(1)EY1
Cisco IOS 15.0(1)EY2
Cisco IOS 15.0(2)EY
Cisco IOS 15.0(2)EY1
Cisco IOS 15.0(2)EY2
Cisco IOS 15.0(2)EY3
Cisco IOS 12.2(54)WO
Cisco IOS 12.2(27)SBK9
Cisco IOS 15.0(1)SE
Cisco IOS 15.0(2)SE
Cisco IOS 15.0(1)SE1
Cisco IOS 15.0(1)SE2
Cisco IOS 15.0(1)SE3
Cisco IOS 15.0(2)SE1
Cisco IOS 15.0(2)SE2
Cisco IOS 15.0(2)SE3
Cisco IOS 15.0(2)SE4
Cisco IOS 15.0(2)SE5
Cisco IOS 15.0(2)SE6
Cisco IOS 15.0(2)SE7
Cisco IOS 15.0(2)SE8
Cisco IOS 15.0(2)SE9
Cisco IOS 15.0(2a)SE9
Cisco IOS 15.0(2)SE10
Cisco IOS 15.0(2)SE11
Cisco IOS 15.0(2)SE10a
Cisco IOS 15.0(2)SE12
Cisco IOS 15.1(1)SG
Cisco IOS 15.1(2)SG
Cisco IOS 15.1(1)SG1
Cisco IOS 15.1(1)SG2
Cisco IOS 15.1(2)SG1
Cisco IOS 15.1(2)SG2
Cisco IOS 15.1(2)SG3
Cisco IOS 15.1(2)SG4
Cisco IOS 15.1(2)SG5
Cisco IOS 15.1(2)SG6
Cisco IOS 15.1(2)SG7
Cisco IOS 15.1(2)SG8
Cisco IOS 15.0(2)SG
Cisco IOS 15.0(2)SG1
Cisco IOS 15.0(2)SG2
Cisco IOS 15.0(2)SG3
Cisco IOS 15.0(2)SG4
Cisco IOS 15.0(2)SG5
Cisco IOS 15.0(2)SG6
Cisco IOS 15.0(2)SG7
Cisco IOS 15.0(2)SG8
Cisco IOS 15.0(2)SG9
Cisco IOS 15.0(2)SG10
Cisco IOS 15.0(2)SG11
Cisco IOS 15.0(2)SG11a
Cisco IOS 15.0(2)EX
Cisco IOS 15.0(2)EX1
Cisco IOS 15.0(2)EX2
Cisco IOS 15.0(2)EX3
Cisco IOS 15.0(2)EX4
Cisco IOS 15.0(2)EX5
Cisco IOS 15.0(2)EX6
Cisco IOS 15.0(2)EX7
Cisco IOS 15.0(2)EX8
Cisco IOS 15.0(2a)EX5
Cisco IOS 15.0(2)EX10
Cisco IOS 15.0(2)EX11
Cisco IOS 15.0(2)EX13
Cisco IOS 15.0(2)EX12
Cisco IOS 15.0(2)EA
Cisco IOS 15.0(2)EA1
Cisco IOS 15.2(1)E
Cisco IOS 15.2(2)E
Cisco IOS 15.2(1)E1
Cisco IOS 15.2(3)E
Cisco IOS 15.2(1)E2
Cisco IOS 15.2(1)E3
Cisco IOS 15.2(2)E1
Cisco IOS 15.2(2b)E
Cisco IOS 15.2(4)E
Cisco IOS 15.2(3)E1
Cisco IOS 15.2(2)E2
Cisco IOS 15.2(2a)E1
Cisco IOS 15.2(2)E3
Cisco IOS 15.2(2a)E2
Cisco IOS 15.2(3)E2
Cisco IOS 15.2(3a)E
Cisco IOS 15.2(3)E3
Cisco IOS 15.2(3m)E2
Cisco IOS 15.2(4)E1
Cisco IOS 15.2(2)E4
Cisco IOS 15.2(2)E5
Cisco IOS 15.2(4)E2
Cisco IOS 15.2(4m)E1
Cisco IOS 15.2(3)E4
Cisco IOS 15.2(5)E
Cisco IOS 15.2(3m)E7
Cisco IOS 15.2(4)E3
Cisco IOS 15.2(2)E6
Cisco IOS 15.2(5a)E
Cisco IOS 15.2(5)E1
Cisco IOS 15.2(5b)E
Cisco IOS 15.2(4m)E3
Cisco IOS 15.2(3m)E8
Cisco IOS 15.2(2)E5a
Cisco IOS 15.2(5c)E
Cisco IOS 15.2(3)E5
Cisco IOS 15.2(2)E5b
Cisco IOS 15.2(4n)E2
Cisco IOS 15.2(4o)E2
Cisco IOS 15.2(5a)E1
Cisco IOS 15.2(4)E4
Cisco IOS 15.2(2)E7
Cisco IOS 15.2(5)E2
Cisco IOS 15.2(4p)E1
Cisco IOS 15.2(6)E
Cisco IOS 15.2(5)E2b
Cisco IOS 15.2(4)E5
Cisco IOS 15.2(5)E2c
Cisco IOS 15.2(2)E8
Cisco IOS 15.2(4m)E2
Cisco IOS 15.2(4o)E3
Cisco IOS 15.2(4q)E1
Cisco IOS 15.2(6)E0a
Cisco IOS 15.2(6)E1
Cisco IOS 15.2(2)E7b
Cisco IOS 15.2(4)E5a
Cisco IOS 15.2(6)E0c
Cisco IOS 15.2(4)E6
Cisco IOS 15.2(2)E9
Cisco IOS 15.2(6)E1a
Cisco IOS 15.2(4)E7
Cisco IOS 15.2(6)E1s
Cisco IOS 15.2(4s)E1
Cisco IOS 15.2(2)E9a
Cisco IOS 15.2(4s)E2
Cisco IOS 15.0(2)EZ
Cisco IOS 15.2(2)SC1
Cisco IOS 15.2(2)SC3
Cisco IOS 15.2(2)SC4
Cisco IOS 15.2(1)EY
Cisco IOS 15.0(2)EJ
Cisco IOS 15.0(2)EJ1
Cisco IOS 15.2(5)EX
Cisco IOS 15.5(3)S10c
Cisco IOS 15.2(2)EB
Cisco IOS 15.2(2)EB1
Cisco IOS 15.2(2)EB2
Cisco IOS 15.2(2)EA
Cisco IOS 15.2(2)EA1
Cisco IOS 15.2(2)EA2
Cisco IOS 15.2(3)EA
Cisco IOS 15.2(4)EA
Cisco IOS 15.2(4)EA1
Cisco IOS 15.2(2)EA3
Cisco IOS 15.2(4)EA3
Cisco IOS 15.2(5)EA
Cisco IOS 15.2(4)EA4
Cisco IOS 15.2(4)EA2
Cisco IOS 15.2(4)EA5
Cisco IOS 15.2(4)EA6
Cisco IOS 15.2(4)EA7
Cisco IOS 15.2(4)EA8
Cisco IOS 15.3(3)JAA1
Cisco IOS 15.0(2)SQD
Cisco IOS 15.0(2)SQD1
Cisco IOS 15.0(2)SQD2
Cisco IOS 15.0(2)SQD3
Cisco IOS 15.0(2)SQD4
Cisco IOS 15.0(2)SQD5
Cisco IOS 15.0(2)SQD6
Cisco IOS 15.0(2)SQD7
Cisco IOS 15.0(2)SQD8
Cisco IOS 15.2(4)EC1
Cisco IOS 15.2(4)EC2
Cisco IOS 12.2(6)I1
Cisco IOS 15.1(3)SVS
Cisco IOS 15.1(3)SVT1
Cisco IOS 15.1(3)SVT3
Cisco IOS 15.1(3)SVT4
Cisco IOS 15.1(3)SVU1
Cisco IOS 15.1(3)SVU10
Cisco IOS 15.1(3)SVU2
Cisco IOS 15.1(3)SVU11
Cisco IOS 15.1(3)SVU21
Cisco IOS 15.1(3)SVV1
Cisco IOS 15.1(3)SVV2
Cisco IOS 15.1(3)SVV3
Cisco IOS 15.1(3)SVV4
Cisco IOS 15.1(3)SVW
Cisco IOS 15.1(3)SVW1
Cisco IOS 15.1(3)SVX
Cisco IOS 15.1(3)SVX1
Cisco IOS XE Software 3.2.0SG
Cisco IOS XE Software 3.2.1SG
Cisco IOS XE Software 3.2.2SG
Cisco IOS XE Software 3.2.3SG
Cisco IOS XE Software 3.2.4SG
Cisco IOS XE Software 3.2.5SG
Cisco IOS XE Software 3.2.6SG
Cisco IOS XE Software 3.2.7SG
Cisco IOS XE Software 3.2.8SG
Cisco IOS XE Software 3.2.9SG
Cisco IOS XE Software 3.2.10SG
Cisco IOS XE Software 3.2.11SG
Cisco IOS XE Software 3.3.0SG
Cisco IOS XE Software 3.3.2SG
Cisco IOS XE Software 3.3.1SG
Cisco IOS XE Software 3.3.0XO
Cisco IOS XE Software 3.3.1XO
Cisco IOS XE Software 3.3.2XO
Cisco IOS XE Software 3.4.0SG
Cisco IOS XE Software 3.4.2SG
Cisco IOS XE Software 3.4.1SG
Cisco IOS XE Software 3.4.3SG
Cisco IOS XE Software 3.4.4SG
Cisco IOS XE Software 3.4.5SG
Cisco IOS XE Software 3.4.6SG
Cisco IOS XE Software 3.4.7SG
Cisco IOS XE Software 3.4.8SG
Cisco IOS XE Software 3.5.0E
Cisco IOS XE Software 3.5.1E
Cisco IOS XE Software 3.5.2E
Cisco IOS XE Software 3.5.3E
Cisco IOS XE Software 3.6.0E
Cisco IOS XE Software 3.6.1E
Cisco IOS XE Software 3.6.0bE
Cisco IOS XE Software 3.6.3E
Cisco IOS XE Software 3.6.4E
Cisco IOS XE Software 3.6.5E
Cisco IOS XE Software 3.6.6E
Cisco IOS XE Software 3.6.5aE
Cisco IOS XE Software 3.6.5bE
Cisco IOS XE Software 3.6.7E
Cisco IOS XE Software 3.6.8E
Cisco IOS XE Software 3.6.9E
Cisco IOS XE Software 3.3.0SQ
Cisco IOS XE Software 3.3.1SQ
Cisco IOS XE Software 3.4.0SQ
Cisco IOS XE Software 3.4.1SQ
Cisco IOS XE Software 3.7.0E
Cisco IOS XE Software 3.7.1E
Cisco IOS XE Software 3.7.2E
Cisco IOS XE Software 3.7.3E
Cisco IOS XE Software 3.7.4E
Cisco IOS XE Software 3.7.5E
Cisco IOS XE Software 3.5.0SQ
Cisco IOS XE Software 3.5.1SQ
Cisco IOS XE Software 3.5.2SQ
Cisco IOS XE Software 3.5.3SQ
Cisco IOS XE Software 3.5.4SQ
Cisco IOS XE Software 3.5.5SQ
Cisco IOS XE Software 3.5.6SQ
Cisco IOS XE Software 3.5.7SQ
Cisco IOS XE Software 3.5.8SQ
Cisco IOS XE Software 3.8.0E
Cisco IOS XE Software 3.8.1E
Cisco IOS XE Software 3.8.2E
Cisco IOS XE Software 3.8.3E
Cisco IOS XE Software 3.8.4E
Cisco IOS XE Software 3.8.5E
Cisco IOS XE Software 3.8.5aE
Cisco IOS XE Software 3.8.6E
Cisco IOS XE Software 3.8.7E
Cisco IOS XE Software 3.18.0SP
Cisco IOS XE Software 3.9.0E
Cisco IOS XE Software 3.9.1E
Cisco IOS XE Software 3.9.2E
Cisco IOS XE Software 3.9.2bE
Cisco IOS XE Software 3.10.0E
Cisco IOS XE Software 3.10.1E
Cisco IOS XE Software 3.10.0cE
Cisco IOS XE Software 3.10.1aE
Cisco IOS XE Software 3.10.1sE
Cisco IOS XE Software 16.11.2
Cisco IOS XE Software 16.12.5a
Cisco IOS XE Software 17.3.1
Cisco IOS XE Software 17.10.1a
Cisco IOS XE Software 17.8.1
Cisco IOS XE Software 17.9.5a
CSCvj25124
CSCvj25124,CSCvj25068
Complete.
CVE-2019-1746
CVRFPID-62587
CVRFPID-62600
CVRFPID-62601
CVRFPID-63898
CVRFPID-63903
CVRFPID-63905
CVRFPID-63911
CVRFPID-63912
CVRFPID-63913
CVRFPID-63914
CVRFPID-63915
CVRFPID-63916
CVRFPID-63918
CVRFPID-63919
CVRFPID-63920
CVRFPID-63936
CVRFPID-69479
CVRFPID-69801
CVRFPID-78260
CVRFPID-95363
CVRFPID-112457
CVRFPID-112458
CVRFPID-188726
CVRFPID-196220
CVRFPID-196224
CVRFPID-196225
CVRFPID-196226
CVRFPID-196227
CVRFPID-196228
CVRFPID-196230
CVRFPID-196231
CVRFPID-196287
CVRFPID-196288
CVRFPID-197145
CVRFPID-206163
CVRFPID-206164
CVRFPID-206165
CVRFPID-206166
CVRFPID-206167
CVRFPID-206168
CVRFPID-206169
CVRFPID-206170
CVRFPID-206172
CVRFPID-206173
CVRFPID-206195
CVRFPID-206196
CVRFPID-206197
CVRFPID-206198
CVRFPID-206205
CVRFPID-206206
CVRFPID-206208
CVRFPID-206209
CVRFPID-206211
CVRFPID-210068
CVRFPID-210070
CVRFPID-210072
CVRFPID-210074
CVRFPID-210076
CVRFPID-210077
CVRFPID-212674
CVRFPID-213785
CVRFPID-213786
CVRFPID-213787
CVRFPID-213790
CVRFPID-213797
CVRFPID-213811
CVRFPID-213812
CVRFPID-217276
CVRFPID-217278
CVRFPID-217279
CVRFPID-217280
CVRFPID-217282
CVRFPID-217283
CVRFPID-220290
CVRFPID-220357
CVRFPID-220489
CVRFPID-220671
CVRFPID-221108
CVRFPID-221184
CVRFPID-221185
CVRFPID-222435
CVRFPID-222483
CVRFPID-222695
CVRFPID-224840
CVRFPID-225360
CVRFPID-226037
CVRFPID-226158
CVRFPID-226331
CVRFPID-227513
CVRFPID-227555
CVRFPID-227755
CVRFPID-228689
CVRFPID-229136
CVRFPID-231004
CVRFPID-231246
CVRFPID-231472
CVRFPID-232766
CVRFPID-232851
CVRFPID-239000
CVRFPID-239007
CVRFPID-240187
CVRFPID-254712
CVRFPID-261240
CVRFPID-278023
CVRFPID-281438
CVRFPID-290580
CVRFPID-301278
CVSS 3.0 Base Score: 7.4
CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
There are no workarounds that address this vulnerability.
Disabling CMP would eliminate the exploit vector. Administrators can disable CMP by using the no cluster run command in global configuration mode. This action may be a suitable mitigation until switches that are affected by this vulnerability can be upgraded.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos
Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability