CVE-2019-12665

EPSS 0.29%
Published 25.09.2019 21:15:11
Last modified 21.11.2024 04:23:18
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.

Affected products Warnungen 0 Metrics 4 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Version15.6(2)t

Cisco ≫ Ios Versionfd-1.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.492

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
psirt@cisco.com	4.8	2.2	2.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-http-client

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12665

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12665

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12665

EUVD