Lucene search

[email protected]NVD:CVE-2019-12646

HistorySep 25, 2019 - 8:15 p.m.

CVE-2019-12646

2019-09-2520:15:10

CWE-665

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

44.8%

JSON

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Affected configurations

Nvd

Node

ciscoios_xeMatch15.4\(3\)s

ciscoios_xeMatch15.5\(3\)s

ciscoios_xeMatch15.6\(1\)s

ciscoios_xeMatch16.3.1

ciscoios_xeMatch16.4.1

ciscoios_xeMatch16.5.1

ciscoios_xeMatch16.6.1

ciscoios_xeMatch16.7.1

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.9.1

ciscoios_xeMatch16.10.1

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.12.1

AND

cisco1100-4pMatch-

cisco1100-8pMatch-

cisco1101-4pMatch-

cisco1109-2pMatch-

cisco1109-4pMatch-

cisco1111x-8pMatch-

cisco4221_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

ciscocsr_1000vMatch-

ciscoencs_5100Match-

ciscoencs_5400Match-

ciscoisrvMatch-

VendorProductVersionCPE
ciscoios_xe15.4(3)scpe:2.3:o:cisco:ios_xe:15.4\(3\)s:*:*:*:*:*:*:*
ciscoios_xe15.5(3)scpe:2.3:o:cisco:ios_xe:15.5\(3\)s:*:*:*:*:*:*:*
ciscoios_xe15.6(1)scpe:2.3:o:cisco:ios_xe:15.6\(1\)s:*:*:*:*:*:*:*
ciscoios_xe16.3.1cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*
ciscoios_xe16.4.1cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*
ciscoios_xe16.5.1cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*
ciscoios_xe16.6.1cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*
ciscoios_xe16.7.1cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*
ciscoios_xe16.8.1cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*
ciscoios_xe16.9.1cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	15.4(3)s	cpe:2.3:o:cisco:ios_xe:15.4\(3\)s:::::::*
cisco	ios_xe	15.5(3)s	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s:::::::*
cisco	ios_xe	15.6(1)s	cpe:2.3:o:cisco:ios_xe:15.6\(1\)s:::::::*
cisco	ios_xe	16.3.1	cpe:2.3:o:cisco:ios_xe:16.3.1:::::::*
cisco	ios_xe	16.4.1	cpe:2.3:o:cisco:ios_xe:16.4.1:::::::*
cisco	ios_xe	16.5.1	cpe:2.3:o:cisco:ios_xe:16.5.1:::::::*
cisco	ios_xe	16.6.1	cpe:2.3:o:cisco:ios_xe:16.6.1:::::::*
cisco	ios_xe	16.7.1	cpe:2.3:o:cisco:ios_xe:16.7.1:::::::*
cisco	ios_xe	16.8.1	cpe:2.3:o:cisco:ios_xe:16.8.1:::::::*
cisco	ios_xe	16.9.1	cpe:2.3:o:cisco:ios_xe:16.9.1:::::::*

Rows per page:

1-10 of 251

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

44.8%

JSON

Related for NVD:CVE-2019-12646

cisco1 nessus1 prion1 cvelist1 cve1