CVE-2019-12656
Cisco IOx Application Environment Denial of Service Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.
Una vulnerabilidad en el entorno de la aplicación IOx de múltiples plataformas Cisco, podría permitir a un atacante remoto no autenticado causar que el servidor web IOx detenga el procesamiento de peticiones HTTPS, resultando en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a un problema de implementación de Transport Layer Security (TLS). Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes TLS diseñados hacia el servidor web IOx en un dispositivo afectado. Una explotación con éxito podría permitir que el atacante cause que el servidor web de IOx detenga el procesamiento de peticiones HTTPS, resultando en una condición DoS.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-06-04 CVE Reserved
- 2019-09-25 CVE Published
- 2023-03-07 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox | 2020-10-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-16ptc-g Search vendor "Cisco" for product "Ie 2000-16ptc-g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-16t67 Search vendor "Cisco" for product "Ie 2000-16t67" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-16t67p Search vendor "Cisco" for product "Ie 2000-16t67p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-16tc Search vendor "Cisco" for product "Ie 2000-16tc" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-16tc-g Search vendor "Cisco" for product "Ie 2000-16tc-g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-16tc-g-e Search vendor "Cisco" for product "Ie 2000-16tc-g-e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-16tc-g-n Search vendor "Cisco" for product "Ie 2000-16tc-g-n" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-16tc-g-x Search vendor "Cisco" for product "Ie 2000-16tc-g-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-24t67 Search vendor "Cisco" for product "Ie 2000-24t67" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-4s-ts-g Search vendor "Cisco" for product "Ie 2000-4s-ts-g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-4t Search vendor "Cisco" for product "Ie 2000-4t" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-4t-g Search vendor "Cisco" for product "Ie 2000-4t-g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-4ts Search vendor "Cisco" for product "Ie 2000-4ts" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-4ts-g Search vendor "Cisco" for product "Ie 2000-4ts-g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-8t67 Search vendor "Cisco" for product "Ie 2000-8t67" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-8t67p Search vendor "Cisco" for product "Ie 2000-8t67p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-8tc Search vendor "Cisco" for product "Ie 2000-8tc" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-8tc-g Search vendor "Cisco" for product "Ie 2000-8tc-g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-8tc-g-e Search vendor "Cisco" for product "Ie 2000-8tc-g-e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Industrial Ethernet 2000 Series Firmware Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" | 15.2\(6\)e Search vendor "Cisco" for product "Industrial Ethernet 2000 Series Firmware" and version "15.2\(6\)e" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 2000-8tc-g-n Search vendor "Cisco" for product "Ie 2000-8tc-g-n" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ic3000 Firmware Search vendor "Cisco" for product "Ic3000 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Ic3000 Search vendor "Cisco" for product "Ic3000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ie 4000 Firmware Search vendor "Cisco" for product "Ie 4000 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Ie 4000 Search vendor "Cisco" for product "Ie 4000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Cgr 1000 Firmware Search vendor "Cisco" for product "Cgr 1000 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Cgr 1000 Search vendor "Cisco" for product "Cgr 1000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ir510 Wpan Firmware Search vendor "Cisco" for product "Ir510 Wpan Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Ir510 Wpan Search vendor "Cisco" for product "Ir510 Wpan" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 1.6.0.0 Search vendor "Cisco" for product "Ios" and version "1.6.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 1.8.0 Search vendor "Cisco" for product "Ios" and version "1.8.0" | - |
Affected
| ||||||