Sign-up

ID

VAR-201909-0168


CVE

CVE-2019-12658


TITLE

Cisco IOS XE Software depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010191

DESCRIPTION

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition. Cisco IOS XE The software is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS XE is an operating system developed by Cisco for its network equipment

Trust: 1.71

sources: NVD: CVE-2019-12658 // JVNDB: JVNDB-2019-010191 // VULHUB: VHN-144426

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.6.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1

Trust: 1.0

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010191 // NVD: CVE-2019-12658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12658
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12658
value: HIGH

Trust: 1.0

NVD: CVE-2019-12658
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1167
value: HIGH

Trust: 0.6

VULHUB: VHN-144426
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12658
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144426
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12658
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12658
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12658
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144426 // JVNDB: JVNDB-2019-010191 // CNNVD: CNNVD-201909-1167 // NVD: CVE-2019-12658 // NVD: CVE-2019-12658

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-144426 // JVNDB: JVNDB-2019-010191 // NVD: CVE-2019-12658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1167

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-1167

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010191

PATCH
title:cisco-sa-20190925-iosxe-fsdosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos
Trust: 0.8
title:Cisco IOS XE Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98581
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010191 // 
            
            
            
            CNNVD: CNNVD-201909-1167

EXTERNAL IDS
db:NVDid:CVE-2019-12658
Trust: 2.5
db:JVNDBid:JVNDB-2019-010191
Trust: 0.8
db:CNNVDid:CNNVD-201909-1167
Trust: 0.7
db:AUSCERTid:ESB-2019.3615.2
Trust: 0.6
db:AUSCERTid:ESB-2019.3615
Trust: 0.6
db:VULHUBid:VHN-144426
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144426 // 
            
            
            
            JVNDB: JVNDB-2019-010191 // 
            
            
            
            CNNVD: CNNVD-201909-1167 // 
            
            
            
            NVD: CVE-2019-12658

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-fsdos
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12658
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12658
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-webui-cmd-injection
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-vman-cmd-injection
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-utd
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ctspac-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-xss
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-rawtcp-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-dt
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-alg
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-isdn-data-leak
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iox-gs
Trust: 0.6
url:httpserv-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ftp
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-digsig-bypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-ctbypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-codeexec
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-awr
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3615.2/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3615/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-filesystem-exhaustion-30432
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144426 // 
            
            
            
            JVNDB: JVNDB-2019-010191 // 
            
            
            
            CNNVD: CNNVD-201909-1167 // 
            
            
            
            NVD: CVE-2019-12658

SOURCES
db:VULHUBid:VHN-144426
db:JVNDBid:JVNDB-2019-010191
db:CNNVDid:CNNVD-201909-1167
db:NVDid:CVE-2019-12658

LAST UPDATE DATE
2024-08-14T13:25:56.727000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144426date:2020-10-08T00:00:00
db:JVNDBid:JVNDB-2019-010191date:2019-10-08T00:00:00
db:CNNVDid:CNNVD-201909-1167date:2020-10-09T00:00:00
db:NVDid:CVE-2019-12658date:2020-10-08T14:06:19.807

SOURCES RELEASE DATE
db:VULHUBid:VHN-144426date:2019-09-25T00:00:00
db:JVNDBid:JVNDB-2019-010191date:2019-10-08T00:00:00
db:CNNVDid:CNNVD-201909-1167date:2019-09-25T00:00:00
db:NVDid:CVE-2019-12658date:2019-09-25T21:15:10.953