ID

VAR-201909-1523


CVE

CVE-2019-12665


TITLE

Cryptographic strength vulnerability in Cisco IOS and IOS XE Software

Trust: 0.8

sources: JVNDB: JVNDB-2019-009748

DESCRIPTION

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel. Cisco IOS and IOS XE Software contain a cryptographic strength vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Cisco IOS and IOS XE are both operating systems developed by Cisco for its network equipment.

Trust: 1.8

sources: NVD: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // VULHUB: VHN-144434 // VULMON: CVE-2019-12665

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: fd-1.5.0

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 15.6(2)t

Trust: 1.0

vendor: cisco, model: ios, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios, scope: eq, version: 15.62t

Trust: 0.6

sources: JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115 // NVD: CVE-2019-12665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12665
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12665
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12665
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1115
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144434
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-12665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12665
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-144434
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12665
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12665
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: CVE-2019-12665
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144434 // VULMON: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115 // NVD: CVE-2019-12665 // NVD: CVE-2019-12665

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-326

Trust: 0.9

sources: VULHUB: VHN-144434 // JVNDB: JVNDB-2019-009748 // NVD: CVE-2019-12665

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1115

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009748

PATCH

title: cisco-sa-20190925-http-client
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-http-client

Trust: 0.8

title: Cisco IOS and IOS XE Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98535

Trust: 0.6

title: Cisco: Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190925-http-client

Trust: 0.1

sources: VULMON: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115

EXTERNAL IDS

db: NVD, id: CVE-2019-12665

Trust: 2.6

db: JVNDB, id: JVNDB-2019-009748

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1115

Trust: 0.7

db: AUSCERT, id: ESB-2019.3614

Trust: 0.6

db: VULHUB, id: VHN-144434

Trust: 0.1

db: VULMON, id: CVE-2019-12665

Trust: 0.1

sources: VULHUB: VHN-144434 // VULMON: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115 // NVD: CVE-2019-12665

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-12665

Trust: 1.4

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-http-client

Trust: 1.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12665

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3614/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-read-write-access-via-http-client-30423

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/326.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-144434 // VULMON: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115 // NVD: CVE-2019-12665

SOURCES

db: VULHUB, id: VHN-144434
db: VULMON, id: CVE-2019-12665
db: JVNDB, id: JVNDB-2019-009748
db: CNNVD, id: CNNVD-201909-1115
db: NVD, id: CVE-2019-12665

LAST UPDATE DATE

2024-08-14T13:25:47.767000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144434, date: 2021-11-02T00:00:00
db: VULMON, id: CVE-2019-12665, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-009748, date: 2019-09-30T00:00:00
db: CNNVD, id: CNNVD-201909-1115, date: 2019-09-30T00:00:00
db: NVD, id: CVE-2019-12665, date: 2021-11-02T20:04:30.587

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144434, date: 2019-09-25T00:00:00
db: VULMON, id: CVE-2019-12665, date: 2019-09-25T00:00:00
db: JVNDB, id: JVNDB-2019-009748, date: 2019-09-30T00:00:00
db: CNNVD, id: CNNVD-201909-1115, date: 2019-09-25T00:00:00
db: NVD, id: CVE-2019-12665, date: 2019-09-25T21:15:11.390