Lucene search

CiscoCVE-2019-12663

HistorySep 25, 2019 - 9:15 p.m.

CVE-2019-12663

2019-09-2521:15:11

CWE-20

cisco

web.nvd.nist.gov

cve-2019-12663

cisco

trustsec

cts

pac

provisioning module

ios xe software

vulnerability

nvd

denial of service

dos

radius

message

attribute validation

remote attacker

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

52.7%

JSON

A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state.

Affected configurations

Nvd

Node

ciscoios_xeMatch16.6.4

ciscoios_xeMatch16.12.1

AND

ciscocatalyst_9300-24p-aMatch-

ciscocatalyst_9300-24p-eMatch-

ciscocatalyst_9300-24s-aMatch-

ciscocatalyst_9300-24s-eMatch-

ciscocatalyst_9300-24t-aMatch-

ciscocatalyst_9300-24t-eMatch-

ciscocatalyst_9300-24u-aMatch-

ciscocatalyst_9300-24u-eMatch-

ciscocatalyst_9300-24ux-aMatch-

ciscocatalyst_9300-24ux-eMatch-

ciscocatalyst_9300-48p-aMatch-

ciscocatalyst_9300-48p-eMatch-

ciscocatalyst_9300-48s-aMatch-

ciscocatalyst_9300-48s-eMatch-

ciscocatalyst_9300-48t-aMatch-

ciscocatalyst_9300-48t-eMatch-

ciscocatalyst_9300-48u-aMatch-

ciscocatalyst_9300-48u-eMatch-

ciscocatalyst_9300-48un-aMatch-

ciscocatalyst_9300-48un-eMatch-

ciscocatalyst_9300-48uxm-aMatch-

ciscocatalyst_9300-48uxm-eMatch-

ciscocatalyst_9300l-24p-4g-aMatch-

ciscocatalyst_9300l-24p-4g-eMatch-

ciscocatalyst_9300l-24p-4x-aMatch-

ciscocatalyst_9300l-24p-4x-eMatch-

ciscocatalyst_9300l-24t-4g-aMatch-

ciscocatalyst_9300l-24t-4g-eMatch-

ciscocatalyst_9300l-24t-4x-aMatch-

ciscocatalyst_9300l-24t-4x-eMatch-

ciscocatalyst_9300l-48p-4g-aMatch-

ciscocatalyst_9300l-48p-4g-eMatch-

ciscocatalyst_9300l-48p-4x-aMatch-

ciscocatalyst_9300l-48p-4x-eMatch-

ciscocatalyst_9300l-48t-4g-aMatch-

ciscocatalyst_9300l-48t-4g-eMatch-

ciscocatalyst_9300l-48t-4x-aMatch-

ciscocatalyst_9300l-48t-4x-eMatch-

ciscocatalyst_9300l_stackMatch-

ciscocatalyst_c9500-12q-aMatch-

ciscocatalyst_c9500-12q-eMatch-

ciscocatalyst_c9500-16x-aMatch-

ciscocatalyst_c9500-16x-eMatch-

ciscocatalyst_c9500-24q-aMatch-

ciscocatalyst_c9500-24q-eMatch-

ciscocatalyst_c9500-40x-aMatch-

ciscocatalyst_c9500-40x-eMatch-

ciscocbr-8_converged_broadband_routerMatch-

VendorProductVersionCPE
ciscoios_xe16.6.4cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*
ciscoios_xe16.12.1cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*
ciscocatalyst_9300-24p-a-cpe:2.3:h:cisco:catalyst_9300-24p-a:-:*:*:*:*:*:*:*
ciscocatalyst_9300-24p-e-cpe:2.3:h:cisco:catalyst_9300-24p-e:-:*:*:*:*:*:*:*
ciscocatalyst_9300-24s-a-cpe:2.3:h:cisco:catalyst_9300-24s-a:-:*:*:*:*:*:*:*
ciscocatalyst_9300-24s-e-cpe:2.3:h:cisco:catalyst_9300-24s-e:-:*:*:*:*:*:*:*
ciscocatalyst_9300-24t-a-cpe:2.3:h:cisco:catalyst_9300-24t-a:-:*:*:*:*:*:*:*
ciscocatalyst_9300-24t-e-cpe:2.3:h:cisco:catalyst_9300-24t-e:-:*:*:*:*:*:*:*
ciscocatalyst_9300-24u-a-cpe:2.3:h:cisco:catalyst_9300-24u-a:-:*:*:*:*:*:*:*
ciscocatalyst_9300-24u-e-cpe:2.3:h:cisco:catalyst_9300-24u-e:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	16.6.4	cpe:2.3:o:cisco:ios_xe:16.6.4:::::::*
cisco	ios_xe	16.12.1	cpe:2.3:o:cisco:ios_xe:16.12.1:::::::*
cisco	catalyst_9300-24p-a	-	cpe:2.3:h:cisco:catalyst_9300-24p-a:-:::::::*
cisco	catalyst_9300-24p-e	-	cpe:2.3:h:cisco:catalyst_9300-24p-e:-:::::::*
cisco	catalyst_9300-24s-a	-	cpe:2.3:h:cisco:catalyst_9300-24s-a:-:::::::*
cisco	catalyst_9300-24s-e	-	cpe:2.3:h:cisco:catalyst_9300-24s-e:-:::::::*
cisco	catalyst_9300-24t-a	-	cpe:2.3:h:cisco:catalyst_9300-24t-a:-:::::::*
cisco	catalyst_9300-24t-e	-	cpe:2.3:h:cisco:catalyst_9300-24t-e:-:::::::*
cisco	catalyst_9300-24u-a	-	cpe:2.3:h:cisco:catalyst_9300-24u-a:-:::::::*
cisco	catalyst_9300-24u-e	-	cpe:2.3:h:cisco:catalyst_9300-24u-e:-:::::::*

Rows per page:

1-10 of 501

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

52.7%

JSON

Related for CVE-2019-12663