CVE-2019-12656

EPSS 1.47%
Published 25.09.2019 21:15:10
Last modified 21.11.2024 04:23:16
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Version1.6.0.0

Cisco ≫ Ios Version1.8.0

Cisco ≫ Industrial Ethernet 2000 Series Firmware Version15.2(6)e

   Cisco ≫ Ie 2000-16ptc-g Version-
   Cisco ≫ Ie 2000-16t67 Version-
   Cisco ≫ Ie 2000-16t67p Version-
   Cisco ≫ Ie 2000-16tc Version-
   Cisco ≫ Ie 2000-16tc-g Version-
   Cisco ≫ Ie 2000-16tc-g-e Version-
   Cisco ≫ Ie 2000-16tc-g-n Version-
   Cisco ≫ Ie 2000-16tc-g-x Version-
   Cisco ≫ Ie 2000-24t67 Version-
   Cisco ≫ Ie 2000-4s-ts-g Version-
   Cisco ≫ Ie 2000-4t Version-
   Cisco ≫ Ie 2000-4t-g Version-
   Cisco ≫ Ie 2000-4ts Version-
   Cisco ≫ Ie 2000-4ts-g Version-
   Cisco ≫ Ie 2000-8t67 Version-
   Cisco ≫ Ie 2000-8t67p Version-
   Cisco ≫ Ie 2000-8tc Version-
   Cisco ≫ Ie 2000-8tc-g Version-
   Cisco ≫ Ie 2000-8tc-g-e Version-
   Cisco ≫ Ie 2000-8tc-g-n Version-

Cisco ≫ Ic3000 Firmware Version-

Cisco ≫ Ic3000 Version-

Cisco ≫ Ie 4000 Firmware Version-

Cisco ≫ Ie 4000 Version-

Cisco ≫ Cgr 1000 Firmware Version-

Cisco ≫ Cgr 1000 Version-

Cisco ≫ Ir510 Wpan Firmware Version-

Cisco ≫ Ir510 Wpan Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.47%	0.791

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
psirt@cisco.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12656

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12656

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12656

EUVD