Lucene search

CiscoCVE-2019-12669

HistorySep 25, 2019 - 9:15 p.m.

CVE-2019-12669

2019-09-2521:15:11

CWE-20

cisco

web.nvd.nist.gov

cisco

trustsec

radius

coa

denial of service

vulnerability

remote attacker

dos

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Affected configurations

Nvd

Node

ciscoiosMatch15.2\(3\)e

ciscoiosMatch15.2\(3\)e5

ciscoiosMatch16.11.1

AND

ciscocatalyst_3560Match-

ciscocatalyst_3560-eMatch-

ciscocatalyst_3560-xMatch-

VendorProductVersionCPE
ciscoios15.2(3)ecpe:2.3:o:cisco:ios:15.2\(3\)e:*:*:*:*:*:*:*
ciscoios15.2(3)e5cpe:2.3:o:cisco:ios:15.2\(3\)e5:*:*:*:*:*:*:*
ciscoios16.11.1cpe:2.3:o:cisco:ios:16.11.1:*:*:*:*:*:*:*
ciscocatalyst_3560-cpe:2.3:h:cisco:catalyst_3560:-:*:*:*:*:*:*:*
ciscocatalyst_3560-e-cpe:2.3:h:cisco:catalyst_3560-e:-:*:*:*:*:*:*:*
ciscocatalyst_3560-x-cpe:2.3:h:cisco:catalyst_3560-x:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.2(3)e	cpe:2.3:o:cisco:ios:15.2\(3\)e:::::::*
cisco	ios	15.2(3)e5	cpe:2.3:o:cisco:ios:15.2\(3\)e5:::::::*
cisco	ios	16.11.1	cpe:2.3:o:cisco:ios:16.11.1:::::::*
cisco	catalyst_3560	-	cpe:2.3:h:cisco:catalyst_3560:-:::::::*
cisco	catalyst_3560-e	-	cpe:2.3:h:cisco:catalyst_3560-e:-:::::::*
cisco	catalyst_3560-x	-	cpe:2.3:h:cisco:catalyst_3560-x:-:::::::*

CNA Affected

[
  {
    "product": "Cisco IOS XE Software 3.2.9SG",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-tsec

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2019-12669