ID

VAR-201909-0156


CVE

CVE-2019-12647


TITLE

Cisco IOS and IOS XE In software NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010051

DESCRIPTION

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Both Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network equipment

Trust: 1.71

sources: NVD: CVE-2019-12647 // JVNDB: JVNDB-2019-010051 // VULHUB: VHN-144414

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:fuji-16.8.1

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:fuji-16.7.1

Trust: 1.6

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:asr 1001-hxscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4451-xscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4221scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:asr 1000scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4321scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4431scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:1100scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:4351scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-010051 // CNNVD: CNNVD-201909-1114 // NVD: CVE-2019-12647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12647
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12647
value: HIGH

Trust: 1.0

NVD: CVE-2019-12647
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1114
value: HIGH

Trust: 0.6

VULHUB: VHN-144414
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12647
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144414
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12647
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12647
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12647
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144414 // JVNDB: JVNDB-2019-010051 // CNNVD: CNNVD-201909-1114 // NVD: CVE-2019-12647 // NVD: CVE-2019-12647

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-144414 // JVNDB: JVNDB-2019-010051 // NVD: CVE-2019-12647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1114

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-1114

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010051

PATCH

title:cisco-sa-20190925-identd-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos

Trust: 0.8

title:Cisco IOS and IOS XE Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98534

Trust: 0.6

sources: JVNDB: JVNDB-2019-010051 // CNNVD: CNNVD-201909-1114

EXTERNAL IDS

db:NVDid:CVE-2019-12647

Trust: 2.5

db:JVNDBid:JVNDB-2019-010051

Trust: 0.8

db:CNNVDid:CNNVD-201909-1114

Trust: 0.7

db:AUSCERTid:ESB-2019.3614

Trust: 0.6

db:VULHUBid:VHN-144414

Trust: 0.1

sources: VULHUB: VHN-144414 // JVNDB: JVNDB-2019-010051 // CNNVD: CNNVD-201909-1114 // NVD: CVE-2019-12647

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-identd-dos

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12647

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12647

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sbxss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-dos

Trust: 0.6

url:http-client

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-tsec

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3614/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-denial-of-service-via-ip-ident-30426

Trust: 0.6

sources: VULHUB: VHN-144414 // JVNDB: JVNDB-2019-010051 // CNNVD: CNNVD-201909-1114 // NVD: CVE-2019-12647

SOURCES

db:VULHUBid:VHN-144414
db:JVNDBid:JVNDB-2019-010051
db:CNNVDid:CNNVD-201909-1114
db:NVDid:CVE-2019-12647

LAST UPDATE DATE

2024-08-14T13:25:47.715000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144414date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010051date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201909-1114date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12647date:2019-10-09T23:45:57.137

SOURCES RELEASE DATE

db:VULHUBid:VHN-144414date:2019-09-25T00:00:00
db:JVNDBid:JVNDB-2019-010051date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201909-1114date:2019-09-25T00:00:00
db:NVDid:CVE-2019-12647date:2019-09-25T20:15:10.417