CVE-2019-12663

CVSS V2: High (7.8); CVSS V3: High (8.6)
Description
A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state.
Overview
  • CVE ID
  • CVE-2019-12663
  • Assigner
  • ykramarz@cisco.com
  • Vulnerability Status
  • Modified
  • Published Date
  • 2019-09-25T21:15:11
  • Last Modified Date
  • 2019-10-09T23:46:01
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cisco:catalyst_9300-24p-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24p-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24s-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24s-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24t-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24t-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24u-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24u-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48p-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48p-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48s-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48s-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48t-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48t-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48u-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48u-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48un-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48un-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9300l_stack:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_c9500-12q-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_c9500-12q-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_c9500-16x-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_c9500-16x-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_c9500-24q-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_c9500-24q-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_c9500-40x-a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_c9500-40x-e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:cbr-8_converged_broadband_router:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Access Vector
  • NETWORK
  • Access Complexity
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.8
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Complexity
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • CHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 8.6
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 4
History
Created Old Value New Value Data Type Notes
2022-05-10 17:03:16 Added to TrackCVE
2022-12-04 03:11:35 psirt@cisco.com ykramarz@cisco.com CVE Assigner updated
2022-12-04 03:11:35 2019-09-25T21:15Z 2019-09-25T21:15:11 CVE Published Date updated
2022-12-04 03:11:35 2019-10-09T23:46:01 CVE Modified Date updated
2022-12-04 03:11:36 Modified Vulnerability Status updated