Lucene search

[email protected]NVD:CVE-2019-12654

HistorySep 25, 2019 - 9:15 p.m.

CVE-2019-12654

2019-09-2521:15:10

CWE-476

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.

Affected configurations

Nvd

Node

ciscoios_xeMatch15.6\(1\)s4.2

ciscoios_xeMatch16.3.8

ciscoios_xeMatch16.9.1

AND

cisco1000_integrated_services_routerMatch-

cisco1100_integrated_services_routerMatch-

cisco4000_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4321_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4351_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4451-x_integrated_services_routerMatch-

ciscoasr_1000Match-

ciscoasr_1001-hxMatch-

ciscoasr_1001-xMatch-

ciscoasr_1002-hxMatch-

ciscoasr_1002-xMatch-

ciscocloud_services_router_1000vMatch-

ciscointegrated_services_virtual_routerMatch-

VendorProductVersionCPE
ciscoios_xe15.6(1)s4.2cpe:2.3:o:cisco:ios_xe:15.6\(1\)s4.2:*:*:*:*:*:*:*
ciscoios_xe16.3.8cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*
ciscoios_xe16.9.1cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*
cisco1000_integrated_services_router-cpe:2.3:h:cisco:1000_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100_integrated_services_router-cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cisco4000_integrated_services_router-cpe:2.3:h:cisco:4000_integrated_services_router:-:*:*:*:*:*:*:*
cisco4221_integrated_services_router-cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cisco4321_integrated_services_router-cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*
cisco4331_integrated_services_router-cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cisco4351_integrated_services_router-cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	15.6(1)s4.2	cpe:2.3:o:cisco:ios_xe:15.6\(1\)s4.2:::::::*
cisco	ios_xe	16.3.8	cpe:2.3:o:cisco:ios_xe:16.3.8:::::::*
cisco	ios_xe	16.9.1	cpe:2.3:o:cisco:ios_xe:16.9.1:::::::*
cisco	1000_integrated_services_router	-	cpe:2.3:h:cisco:1000_integrated_services_router:-:::::::*
cisco	1100_integrated_services_router	-	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
cisco	4000_integrated_services_router	-	cpe:2.3:h:cisco:4000_integrated_services_router:-:::::::*
cisco	4221_integrated_services_router	-	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
cisco	4321_integrated_services_router	-	cpe:2.3:h:cisco:4321_integrated_services_router:-:::::::*
cisco	4331_integrated_services_router	-	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
cisco	4351_integrated_services_router	-	cpe:2.3:h:cisco:4351_integrated_services_router:-:::::::*

Rows per page:

1-10 of 191

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

Related for NVD:CVE-2019-12654

prion1 nessus2 cvelist1 cisco1 cve1