Lucene search

[email protected]CVE-2019-12654

HistorySep 25, 2019 - 9:15 p.m.

CVE-2019-12654

2019-09-2521:15:10

CWE-476

[email protected]

web.nvd.nist.gov

cisco

ios

ios xe

software

sip

library

vulnerability

remote attacker

dos

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.2%

JSON

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.

Affected configurations

NVD

Node

ciscoios_xeMatch15.6\(1\)s4.2

ciscoios_xeMatch16.3.8

ciscoios_xeMatch16.9.1

AND

cisco1000_integrated_services_routerMatch-

cisco1100_integrated_services_routerMatch-

cisco4000_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4321_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4351_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4451-x_integrated_services_routerMatch-

ciscoasr_1000Match-

ciscoasr_1001-hxMatch-

ciscoasr_1001-xMatch-

ciscoasr_1002-hxMatch-

ciscoasr_1002-xMatch-

ciscocloud_services_router_1000vMatch-

ciscointegrated_services_virtual_routerMatch-

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq15.6\(1\)s4.2
cisco:ios_xecisco ios xeeq16.3.8
cisco:ios_xecisco ios xeeq16.9.1

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	15.6\(1\)s4.2
cisco:ios_xe	cisco ios xe	eq	16.3.8
cisco:ios_xe	cisco ios xe	eq	16.9.1

CNA Affected

[
  {
    "product": "Cisco IOS 15.0(1)XA2",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.2%

JSON

Related for CVE-2019-12654

cisco1 nessus2 prion1 cvelist1 nvd1