CVE-2019-12647
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
Affected (2)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version fuji-16.7.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco 1100 | All versions |
Cisco 4221 | All versions |
Cisco 4321 | All versions |
Cisco 4351 | All versions |
Cisco 4431 | All versions |
Cisco 4451 X | All versions |
Cisco Asr 1000 | All versions |
Cisco Asr 1001 Hx | All versions |
Cisco Asr 1001 X | All versions |
Cisco Asr 1002 Hx | All versions |
Cisco Asr 1002 X | All versions |
Cisco Asr 900 | All versions |
Cisco Asr 920 10sz Pd | All versions |
Cisco Asr 920 12cz A | All versions |
Cisco Asr 920 12cz D | All versions |
Cisco Asr 920 12sz Im | All versions |
Cisco Asr 920 24sz Im | All versions |
Cisco Asr 920 24sz M | All versions |
Cisco Asr 920 24tz M | All versions |
Cisco Asr 920 4sz A | All versions |
Cisco Asr 920 4sz D | All versions |
Cisco Cloud Services Router 1000v | All versions |
Cisco Ncs 4201 | All versions |
Cisco Ncs 4202 | All versions |
Cisco Ncs 4206 | All versions |
Cisco Ncs 4216 | All versions |
Cisco Network Convergence System 520 | All versions |
Related CWEs
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.