ID

VAR-201909-0155


CVE

CVE-2019-12646


TITLE

Cisco IOS XE Software initialization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010175

DESCRIPTION

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco IOS XE The software contains an initialization vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS XE is an operating system developed by Cisco for its network equipment. The following products and versions are affected: Cisco 1100, 4200, and 4300 Integrated Services Routers (ISRs); Cloud Services Router (CSR) 1000V Series; Enterprise Network Compute System (ENCS); Integrated Services Virtual Router (ISRv)

Trust: 1.71

sources: NVD: CVE-2019-12646 // JVNDB: JVNDB-2019-010175 // VULHUB: VHN-144413

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.5.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.4.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.7.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.3.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.8.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.6.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:15.4\(3\)s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:15.5\(3\)s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:15.6\(1\)s

Trust: 1.0

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:15.53s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:15.61s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:15.43s

Trust: 0.6

sources: JVNDB: JVNDB-2019-010175 // CNNVD: CNNVD-201909-1120 // NVD: CVE-2019-12646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12646
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12646
value: HIGH

Trust: 1.0

NVD: CVE-2019-12646
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1120
value: HIGH

Trust: 0.6

VULHUB: VHN-144413
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12646
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144413
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12646
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12646
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12646
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144413 // JVNDB: JVNDB-2019-010175 // CNNVD: CNNVD-201909-1120 // NVD: CVE-2019-12646 // NVD: CVE-2019-12646

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.9

problemtype:CWE-399

Trust: 1.0

sources: VULHUB: VHN-144413 // JVNDB: JVNDB-2019-010175 // NVD: CVE-2019-12646

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1120

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1120

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010175

PATCH

title:cisco-sa-20190925-sip-algurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg

Trust: 0.8

title:Cisco IOS XE Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98538

Trust: 0.6

sources: JVNDB: JVNDB-2019-010175 // CNNVD: CNNVD-201909-1120

EXTERNAL IDS

db:NVDid:CVE-2019-12646

Trust: 2.5

db:JVNDBid:JVNDB-2019-010175

Trust: 0.8

db:CNNVDid:CNNVD-201909-1120

Trust: 0.7

db:AUSCERTid:ESB-2019.3615.2

Trust: 0.6

db:AUSCERTid:ESB-2019.3615

Trust: 0.6

db:VULHUBid:VHN-144413

Trust: 0.1

sources: VULHUB: VHN-144413 // JVNDB: JVNDB-2019-010175 // CNNVD: CNNVD-201909-1120 // NVD: CVE-2019-12646

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-alg

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12646

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12646

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-webui-cmd-injection

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-vman-cmd-injection

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-utd

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ctspac-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-rawtcp-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-dt

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-isdn-data-leak

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iox-gs

Trust: 0.6

url:httpserv-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-fsdos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ftp

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-digsig-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-ctbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-codeexec

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-awr

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-nat-sip-30440

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3615.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3615/

Trust: 0.6

sources: VULHUB: VHN-144413 // JVNDB: JVNDB-2019-010175 // CNNVD: CNNVD-201909-1120 // NVD: CVE-2019-12646

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201909-1120

SOURCES

db:VULHUBid:VHN-144413
db:JVNDBid:JVNDB-2019-010175
db:CNNVDid:CNNVD-201909-1120
db:NVDid:CVE-2019-12646

LAST UPDATE DATE

2024-08-14T13:25:56.780000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144413date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010175date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1120date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12646date:2023-05-22T18:57:24.750

SOURCES RELEASE DATE

db:VULHUBid:VHN-144413date:2019-09-25T00:00:00
db:JVNDBid:JVNDB-2019-010175date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1120date:2019-09-25T00:00:00
db:NVDid:CVE-2019-12646date:2019-09-25T20:15:10.353