CVE-2019-12656

Published: Sep 25, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.

Affected (7)

Products: Cisco: Ios, Industrial Ethernet 2000 Series Firmware, Ic3000 Firmware, Ie 4000 Firmware, Cgr 1000 Firmware, Ir510 Wpan Firmware

Cisco

6 products

Ios

Industrial Ethernet 2000 Series Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios	Version 1.6.0.0
Cisco Ios	Version 1.8.0

Configuration B

1 vulnerable · 20 platform

Vulnerable Software	Affected Versions
Cisco Industrial Ethernet 2000 Series Firmware	Version 15.2(6)e

Running on/with	Platform Versions
Cisco Ie 2000 16ptc G	All versions
Cisco Ie 2000 16t67	All versions
Cisco Ie 2000 16t67p	All versions
Cisco Ie 2000 16tc	All versions
Cisco Ie 2000 16tc G	All versions
Cisco Ie 2000 16tc G E	All versions
Cisco Ie 2000 16tc G N	All versions
Cisco Ie 2000 16tc G X	All versions
Cisco Ie 2000 24t67	All versions
Cisco Ie 2000 4s Ts G	All versions
Cisco Ie 2000 4t	All versions
Cisco Ie 2000 4t G	All versions
Cisco Ie 2000 4ts	All versions
Cisco Ie 2000 4ts G	All versions
Cisco Ie 2000 8t67	All versions
Cisco Ie 2000 8t67p	All versions
Cisco Ie 2000 8tc	All versions
Cisco Ie 2000 8tc G	All versions
Cisco Ie 2000 8tc G E	All versions
Cisco Ie 2000 8tc G N	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ic3000 Firmware	All versions

Running on/with	Platform Versions
Cisco Ic3000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ie 4000 Firmware	All versions

Running on/with	Platform Versions
Cisco Ie 4000	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Cgr 1000 Firmware	All versions

Running on/with	Platform Versions
Cisco Cgr 1000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ir510 Wpan Firmware	All versions

Running on/with	Platform Versions
Cisco Ir510 Wpan	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.