CVE-2019-12665

EPSS 0.29%
Veröffentlicht 25.09.2019 21:15:11
Zuletzt bearbeitet 21.11.2024 04:23:18
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Version15.6(2)t

Cisco ≫ Ios Versionfd-1.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.492

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
psirt@cisco.com	4.8	2.2	2.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-http-client

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12665

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12665

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12665

EUVD