FKIE_CVE-2019-12653

Vulnerability from fkie_nvd - Published: 2019-09-25 21:15 - Updated: 2024-11-21 04:23
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dosVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xe 16.9
cisco ios_xe 16.10.1
cisco asr_902 -
cisco asr_902u -
cisco asr_903 -
cisco asr_907 -
cisco asr_914 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D42A82B-7241-4564-BCC1-9C4E7EB18881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_902:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70352B04-C3FD-47F5-A2F8-691CF63EB50D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_902u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE063AF2-5579-4D7E-8829-9102FC7CB994",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_903:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51938C0A-AFDB-4B12-BB64-9C67FC0C738F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_907:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18E4A46-10D3-48F8-9E92-377ACA447257",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_914:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D5E61B-9F17-4C56-A1BB-3EE08CB62C53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad Raw Socket Transport del software Cisco IOS XE, podr\u00eda permitir a un atacante remoto no autenticado desencadenar una recarga de un dispositivo afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido al an\u00e1lisis inapropiado de las cargas \u00fatiles de Raw Socket Transport. Un atacante podr\u00eda explotar esta vulnerabilidad al establecer una sesi\u00f3n TCP y entonces enviar un segmento TCP malicioso por medio de IPv4 hacia un dispositivo afectado. Esto no puede ser explotado por medio de IPv6, ya que la funci\u00f3n de Raw Socket Transport no admite IPv6 como protocolo de capa de red."
    }
  ],
  "id": "CVE-2019-12653",
  "lastModified": "2024-11-21T04:23:16.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-25T21:15:10.657",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.