CVE-2019-12656 — Improper Input Validation in Cisco Industrial Routers Operating System Software

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Industrial Routers Operating System Software Cisco Industrial Ethernet 2000 Series Firmware Cisco IOS

Timeline

PublishedSep 25

Latest updateMay 24

Description

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5cisco/cisco_industrial_routers_operating_system_softwareunspecified — n/a

▶NVDcisco/ios1.6.0.0, 1.8.0+1

▶NVDcisco/industrial_ethernet_2000_series_firmware15.2\(6\)e

🔴Vulnerability Details

GHSA

GHSA-6r46-67j7-hr8v: A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web se↗2022-05-24

▶

CVEList

Cisco IOx Application Environment Denial of Service Vulnerability↗2019-09-25

▶

📋Vendor Advisories

Cisco

Cisco IOx Application Environment Denial of Service Vulnerability↗2019-09-25

▶