Sign-up

ID

VAR-201909-0156


CVE

CVE-2019-12647


TITLE

Cisco IOS and IOS XE In software NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010051

DESCRIPTION

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Both Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network equipment

Trust: 1.71

sources: NVD: CVE-2019-12647 // JVNDB: JVNDB-2019-010051 // VULHUB: VHN-144414

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:fuji-16.8.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:fuji-16.7.1

Trust: 1.6

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:asr 1001-hxscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4451-xscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4221scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:asr 1000scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4321scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4431scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:1100scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4351scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-010051 // CNNVD: CNNVD-201909-1114 // NVD: CVE-2019-12647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12647
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12647
value: HIGH

Trust: 1.0

NVD: CVE-2019-12647
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1114
value: HIGH

Trust: 0.6

VULHUB: VHN-144414
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12647
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144414
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12647
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12647
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12647
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144414 // JVNDB: JVNDB-2019-010051 // CNNVD: CNNVD-201909-1114 // NVD: CVE-2019-12647 // NVD: CVE-2019-12647

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-144414 // JVNDB: JVNDB-2019-010051 // NVD: CVE-2019-12647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1114

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-1114

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010051

PATCH
title:cisco-sa-20190925-identd-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos
Trust: 0.8
title:Cisco IOS  and IOS XE Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98534
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010051 // 
            
            
            
            CNNVD: CNNVD-201909-1114

EXTERNAL IDS
db:NVDid:CVE-2019-12647
Trust: 2.5
db:JVNDBid:JVNDB-2019-010051
Trust: 0.8
db:CNNVDid:CNNVD-201909-1114
Trust: 0.7
db:AUSCERTid:ESB-2019.3614
Trust: 0.6
db:VULHUBid:VHN-144414
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144414 // 
            
            
            
            JVNDB: JVNDB-2019-010051 // 
            
            
            
            CNNVD: CNNVD-201909-1114 // 
            
            
            
            NVD: CVE-2019-12647

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-identd-dos
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12647
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12647
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sbxss
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-dos
Trust: 0.6
url:http-client
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-tsec
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3614/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-denial-of-service-via-ip-ident-30426
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144414 // 
            
            
            
            JVNDB: JVNDB-2019-010051 // 
            
            
            
            CNNVD: CNNVD-201909-1114 // 
            
            
            
            NVD: CVE-2019-12647

SOURCES
db:VULHUBid:VHN-144414
db:JVNDBid:JVNDB-2019-010051
db:CNNVDid:CNNVD-201909-1114
db:NVDid:CVE-2019-12647

LAST UPDATE DATE
2024-08-14T13:25:47.715000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144414date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010051date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201909-1114date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12647date:2019-10-09T23:45:57.137

SOURCES RELEASE DATE
db:VULHUBid:VHN-144414date:2019-09-25T00:00:00
db:JVNDBid:JVNDB-2019-010051date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201909-1114date:2019-09-25T00:00:00
db:NVDid:CVE-2019-12647date:2019-09-25T20:15:10.417