ID

VAR-201909-0166


CVE

CVE-2019-12656


TITLE

Input validation vulnerability in multiple Cisco platforms

Trust: 0.8

sources: JVNDB: JVNDB-2019-010189

DESCRIPTION

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. Multiple Cisco platforms contain an input validation vulnerability. This may result in a denial of service (DoS) condition. Cisco Industrial Routers Operating System Software, among others, are all Cisco products. Industrial Routers Operating System Software is an operating system for routers. CGR 1000 IOx Compute Platform Firmware is a set of firmware for CGR 1000 computing modules. Industrial Compute Gateway Software is an operating system for Cisco Compute Gateway products. The following products and versions are affected: Industrial Routers Operating System Software (Cisco 510 WPAN Industrial Router); CGR 1000 IOx Compute Platform Firmware (Cisco CGR 1000 Compute Module); Industrial Compute Gateway Software (Cisco IC3000 Industrial Compute Gateway); Cisco Software (IOS Cisco Industrial Ethernet 4000 Series Switches).

Trust: 1.71

sources: NVD: CVE-2019-12656 // JVNDB: JVNDB-2019-010189 // VULHUB: VHN-144424

AFFECTED PRODUCTS

vendor: cisco // model: ic3000 // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: cgr 1000 // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: ir510 wpan // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: ios // scope: eq // version: 1.6.0.0

Trust: 1.0

vendor: cisco // model: industrial ethernet 2000 series // scope: eq // version: 15.2\(6\)e

Trust: 1.0

vendor: cisco // model: ios // scope: eq // version: 1.8.0

Trust: 1.0

vendor: cisco // model: ie 4000 // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: cgr 1000 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ic3000 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ie 4000 // scope: - // version: -

Trust: 0.8

vendor: cisco // model: industrial ethernet 2000 series // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ios // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ir510 wpan // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010189 // NVD: CVE-2019-12656

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12656
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12656
value: HIGH

Trust: 1.0

NVD: CVE-2019-12656
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1169
value: HIGH

Trust: 0.6

VULHUB: VHN-144424
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12656
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144424
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12656
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12656
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144424 // JVNDB: JVNDB-2019-010189 // CNNVD: CNNVD-201909-1169 // NVD: CVE-2019-12656 // NVD: CVE-2019-12656

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-144424 // JVNDB: JVNDB-2019-010189 // NVD: CVE-2019-12656

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1169

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1169

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010189

PATCH

title: cisco-sa-20190925-iox // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox

Trust: 0.8

title: Multiple Cisco Product input verification error vulnerability fixes // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98583

Trust: 0.6

sources: JVNDB: JVNDB-2019-010189 // CNNVD: CNNVD-201909-1169

EXTERNAL IDS

db: NVD // id: CVE-2019-12656

Trust: 2.5

db: JVNDB // id: JVNDB-2019-010189

Trust: 0.8

db: CNNVD // id: CNNVD-201909-1169

Trust: 0.7

db: AUSCERT // id: ESB-2019.3617

Trust: 0.6

db: VULHUB // id: VHN-144424

Trust: 0.1

sources: VULHUB: VHN-144424 // JVNDB: JVNDB-2019-010189 // CNNVD: CNNVD-201909-1169 // NVD: CVE-2019-12656

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iox

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12656

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12656

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ios-gos-auth

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3617/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-denial-of-service-via-iox-web-server-30435

Trust: 0.6

sources: VULHUB: VHN-144424 // JVNDB: JVNDB-2019-010189 // CNNVD: CNNVD-201909-1169 // NVD: CVE-2019-12656

SOURCES

db: VULHUB // id: VHN-144424
db: JVNDB // id: JVNDB-2019-010189
db: CNNVD // id: CNNVD-201909-1169
db: NVD // id: CVE-2019-12656

LAST UPDATE DATE

2024-08-14T15:02:12.222000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-144424 // date: 2020-10-08T00:00:00
db: JVNDB // id: JVNDB-2019-010189 // date: 2019-10-08T00:00:00
db: CNNVD // id: CNNVD-201909-1169 // date: 2020-10-09T00:00:00
db: NVD // id: CVE-2019-12656 // date: 2020-10-08T14:07:19.637

SOURCES RELEASE DATE

db: VULHUB // id: VHN-144424 // date: 2019-09-25T00:00:00
db: JVNDB // id: JVNDB-2019-010189 // date: 2019-10-08T00:00:00
db: CNNVD // id: CNNVD-201909-1169 // date: 2019-09-25T00:00:00
db: NVD // id: CVE-2019-12656 // date: 2019-09-25T21:15:10.827