ID

VAR-201909-0168


CVE

CVE-2019-12658


TITLE

Cisco IOS XE Software depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010191

DESCRIPTION

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. Cisco IOS XE Software is vulnerable to resource exhaustion, which may result in a denial of service (DoS) condition. Cisco IOS XE is an operating system developed by Cisco for its network equipment.

Trust: 1.71

sources: NVD: CVE-2019-12658 // JVNDB: JVNDB-2019-010191 // VULHUB: VHN-144426

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.6.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010191 // NVD: CVE-2019-12658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12658
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12658
value: HIGH

Trust: 1.0

NVD: CVE-2019-12658
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1167
value: HIGH

Trust: 0.6

VULHUB: VHN-144426
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12658
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144426
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12658
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12658
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12658
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144426 // JVNDB: JVNDB-2019-010191 // CNNVD: CNNVD-201909-1167 // NVD: CVE-2019-12658 // NVD: CVE-2019-12658

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-144426 // JVNDB: JVNDB-2019-010191 // NVD: CVE-2019-12658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1167

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-1167

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010191

PATCH

title: cisco-sa-20190925-iosxe-fsdos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos

Trust: 0.8

title: Cisco IOS XE Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98581

Trust: 0.6

sources: JVNDB: JVNDB-2019-010191 // CNNVD: CNNVD-201909-1167

EXTERNAL IDS

db: NVD, id: CVE-2019-12658

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010191

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1167

Trust: 0.7

db: AUSCERT, id: ESB-2019.3615.2

Trust: 0.6

db: AUSCERT, id: ESB-2019.3615

Trust: 0.6

db: VULHUB, id: VHN-144426

Trust: 0.1

sources: VULHUB: VHN-144426 // JVNDB: JVNDB-2019-010191 // CNNVD: CNNVD-201909-1167 // NVD: CVE-2019-12658

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-fsdos

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12658

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12658

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-webui-cmd-injection

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-vman-cmd-injection

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-utd

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ctspac-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-rawtcp-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-dt

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-alg

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-isdn-data-leak

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iox-gs

Trust: 0.6

url:httpserv-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ftp

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-digsig-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-ctbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-codeexec

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-awr

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3615.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3615/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-filesystem-exhaustion-30432

Trust: 0.6

sources: VULHUB: VHN-144426 // JVNDB: JVNDB-2019-010191 // CNNVD: CNNVD-201909-1167 // NVD: CVE-2019-12658

SOURCES

db: VULHUB, id: VHN-144426
db: JVNDB, id: JVNDB-2019-010191
db: CNNVD, id: CNNVD-201909-1167
db: NVD, id: CVE-2019-12658

LAST UPDATE DATE

2024-08-14T13:25:56.727000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144426, date: 2020-10-08T00:00:00
db: JVNDB, id: JVNDB-2019-010191, date: 2019-10-08T00:00:00
db: CNNVD, id: CNNVD-201909-1167, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-12658, date: 2020-10-08T14:06:19.807

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144426, date: 2019-09-25T00:00:00
db: JVNDB, id: JVNDB-2019-010191, date: 2019-10-08T00:00:00
db: CNNVD, id: CNNVD-201909-1167, date: 2019-09-25T00:00:00
db: NVD, id: CVE-2019-12658, date: 2019-09-25T21:15:10.953