ID

VAR-201909-1523


CVE

CVE-2019-12665


TITLE

Cisco IOS and IOS XE Vulnerability regarding cryptographic strength in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-009748

DESCRIPTION

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel. Cisco IOS and IOS XE The software contains a cryptographic strength vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Both Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network equipment

Trust: 1.8

sources: NVD: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // VULHUB: VHN-144434 // VULMON: CVE-2019-12665

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:fd-1.5.0

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t

Trust: 1.0

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.62t

Trust: 0.6

sources: JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115 // NVD: CVE-2019-12665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12665
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12665
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12665
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1115
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144434
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-12665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12665
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-144434
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12665
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12665
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: CVE-2019-12665
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144434 // VULMON: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115 // NVD: CVE-2019-12665 // NVD: CVE-2019-12665

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-326

Trust: 0.9

sources: VULHUB: VHN-144434 // JVNDB: JVNDB-2019-009748 // NVD: CVE-2019-12665

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1115

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009748

PATCH

title:cisco-sa-20190925-http-clienturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-http-client

Trust: 0.8

title:Cisco IOS and IOS XE Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98535

Trust: 0.6

title:Cisco: Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190925-http-client

Trust: 0.1

sources: VULMON: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115

EXTERNAL IDS

db:NVDid:CVE-2019-12665

Trust: 2.6

db:JVNDBid:JVNDB-2019-009748

Trust: 0.8

db:CNNVDid:CNNVD-201909-1115

Trust: 0.7

db:AUSCERTid:ESB-2019.3614

Trust: 0.6

db:VULHUBid:VHN-144434

Trust: 0.1

db:VULMONid:CVE-2019-12665

Trust: 0.1

sources: VULHUB: VHN-144434 // VULMON: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115 // NVD: CVE-2019-12665

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-12665

Trust: 1.4

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-http-client

Trust: 1.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12665

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3614/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-read-write-access-via-http-client-30423

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/326.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-144434 // VULMON: CVE-2019-12665 // JVNDB: JVNDB-2019-009748 // CNNVD: CNNVD-201909-1115 // NVD: CVE-2019-12665

SOURCES

db:VULHUBid:VHN-144434
db:VULMONid:CVE-2019-12665
db:JVNDBid:JVNDB-2019-009748
db:CNNVDid:CNNVD-201909-1115
db:NVDid:CVE-2019-12665

LAST UPDATE DATE

2024-11-23T21:51:59.230000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144434date:2021-11-02T00:00:00
db:VULMONid:CVE-2019-12665date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-009748date:2019-09-30T00:00:00
db:CNNVDid:CNNVD-201909-1115date:2019-09-30T00:00:00
db:NVDid:CVE-2019-12665date:2024-11-21T04:23:18.620

SOURCES RELEASE DATE

db:VULHUBid:VHN-144434date:2019-09-25T00:00:00
db:VULMONid:CVE-2019-12665date:2019-09-25T00:00:00
db:JVNDBid:JVNDB-2019-009748date:2019-09-30T00:00:00
db:CNNVDid:CNNVD-201909-1115date:2019-09-25T00:00:00
db:NVDid:CVE-2019-12665date:2019-09-25T21:15:11.390