CVE-2019-12654NULL Pointer Dereference in Cisco IOS 15.0 XA2

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 21.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS 15.0 XA2Cisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 24

Description

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_15.0_xa2unspecifiedn/a
NVDcisco/ios_xe15.6\(1\)s4.2, 16.3.8, 16.9.1+2

🔴Vulnerability Details

2
GHSA
GHSA-fg75-chcf-xjg7: A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attack2022-05-24
CVEList
Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability2019-09-25

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability2019-09-25
CVE-2019-12654 — NULL Pointer Dereference in Cisco | cvebase