Sign-up

ID

VAR-201909-0155


CVE

CVE-2019-12646


TITLE

Cisco IOS XE Software initialization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010175

DESCRIPTION

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco IOS XE The software contains an initialization vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS XE is an operating system developed by Cisco for its network equipment. The following products and versions are affected: Cisco 1100, 4200, and 4300 Integrated Services Routers (ISRs); Cloud Services Router (CSR) 1000V Series; Enterprise Network Compute System (ENCS); Integrated Services Virtual Router (ISRv)

Trust: 1.71

sources: NVD: CVE-2019-12646 // JVNDB: JVNDB-2019-010175 // VULHUB: VHN-144413

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.5.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.4.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.7.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.3.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.8.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.6.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:15.4\(3\)s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:15.5\(3\)s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:15.6\(1\)s

Trust: 1.0

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:15.53s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:15.61s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:15.43s

Trust: 0.6

sources: JVNDB: JVNDB-2019-010175 // CNNVD: CNNVD-201909-1120 // NVD: CVE-2019-12646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12646
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12646
value: HIGH

Trust: 1.0

NVD: CVE-2019-12646
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1120
value: HIGH

Trust: 0.6

VULHUB: VHN-144413
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12646
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144413
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12646
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12646
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12646
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144413 // JVNDB: JVNDB-2019-010175 // CNNVD: CNNVD-201909-1120 // NVD: CVE-2019-12646 // NVD: CVE-2019-12646

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.9

problemtype:CWE-399

Trust: 1.0

sources: VULHUB: VHN-144413 // JVNDB: JVNDB-2019-010175 // NVD: CVE-2019-12646

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1120

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1120

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010175

PATCH
title:cisco-sa-20190925-sip-algurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg
Trust: 0.8
title:Cisco IOS XE Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98538
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010175 // 
            
            
            
            CNNVD: CNNVD-201909-1120

EXTERNAL IDS
db:NVDid:CVE-2019-12646
Trust: 2.5
db:JVNDBid:JVNDB-2019-010175
Trust: 0.8
db:CNNVDid:CNNVD-201909-1120
Trust: 0.7
db:AUSCERTid:ESB-2019.3615.2
Trust: 0.6
db:AUSCERTid:ESB-2019.3615
Trust: 0.6
db:VULHUBid:VHN-144413
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144413 // 
            
            
            
            JVNDB: JVNDB-2019-010175 // 
            
            
            
            CNNVD: CNNVD-201909-1120 // 
            
            
            
            NVD: CVE-2019-12646

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-alg
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12646
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12646
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-webui-cmd-injection
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-vman-cmd-injection
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-utd
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ctspac-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-xss
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-rawtcp-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-dt
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-isdn-data-leak
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iox-gs
Trust: 0.6
url:httpserv-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-fsdos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ftp
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-digsig-bypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-ctbypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-codeexec
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-awr
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-nat-sip-30440
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3615.2/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3615/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144413 // 
            
            
            
            JVNDB: JVNDB-2019-010175 // 
            
            
            
            CNNVD: CNNVD-201909-1120 // 
            
            
            
            NVD: CVE-2019-12646

CREDITS
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201909-1120

SOURCES
db:VULHUBid:VHN-144413
db:JVNDBid:JVNDB-2019-010175
db:CNNVDid:CNNVD-201909-1120
db:NVDid:CVE-2019-12646

LAST UPDATE DATE
2024-08-14T13:25:56.780000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144413date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010175date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1120date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12646date:2023-05-22T18:57:24.750

SOURCES RELEASE DATE
db:VULHUBid:VHN-144413date:2019-09-25T00:00:00
db:JVNDBid:JVNDB-2019-010175date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1120date:2019-09-25T00:00:00
db:NVDid:CVE-2019-12646date:2019-09-25T20:15:10.353