CVE-2019-12653

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:ios_xe:16.9:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1:::::::*

OR	cpe:2.3:h:cisco:asr_902:-:::::::*
	cpe:2.3:h:cisco:asr_902u:-:::::::*
	cpe:2.3:h:cisco:asr_903:-:::::::*
	cpe:2.3:h:cisco:asr_907:-:::::::*
	cpe:2.3:h:cisco:asr_914:-:::::::*

History

No history.

Information

Published : 2019-09-25 21:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-12653

Mitre link : CVE-2019-12653

CVE.ORG link : CVE-2019-12653

JSON object : View

Products Affected

cisco

asr_914
asr_902u
ios_xe
asr_907
asr_903
asr_902

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2019-12653", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-09-25T21:15:10.657", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad Raw Socket Transport del software Cisco IOS XE, podr\u00eda permitir a un atacante remoto no autenticado desencadenar una recarga de un dispositivo afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido al an\u00e1lisis inapropiado de las cargas \u00fatiles de Raw Socket Transport. Un atacante podr\u00eda explotar esta vulnerabilidad al establecer una sesi\u00f3n TCP y entonces enviar un segmento TCP malicioso por medio de IPv4 hacia un dispositivo afectado. Esto no puede ser explotado por medio de IPv6, ya que la funci\u00f3n de Raw Socket Transport no admite IPv6 como protocolo de capa de red."}], "lastModified": "2019-10-09T23:45:58.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:16.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D42A82B-7241-4564-BCC1-9C4E7EB18881"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_902:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "70352B04-C3FD-47F5-A2F8-691CF63EB50D"}, {"criteria": "cpe:2.3:h:cisco:asr_902u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE063AF2-5579-4D7E-8829-9102FC7CB994"}, {"criteria": "cpe:2.3:h:cisco:asr_903:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51938C0A-AFDB-4B12-BB64-9C67FC0C738F"}, {"criteria": "cpe:2.3:h:cisco:asr_907:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A18E4A46-10D3-48F8-9E92-377ACA447257"}, {"criteria": "cpe:2.3:h:cisco:asr_914:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67D5E61B-9F17-4C56-A1BB-3EE08CB62C53"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}