CVE-2019-12656

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:cisco:ios:1.6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:1.8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:industrial_ethernet_2000_series_firmware:15.2\(6\)e:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:ie_2000-16ptc-g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-16t67:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-16t67p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-16tc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-16tc-g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-16tc-g-e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-16tc-g-n:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-16tc-g-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-24t67:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-4s-ts-g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-4t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-4t-g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-4ts:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-4ts-g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-8t67:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-8t67p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-8tc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-8tc-g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-8tc-g-e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_2000-8tc-g-n:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:ic3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ic3000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cisco:ie_4000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ie_4000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:cisco:cgr_1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:cgr_1000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:cisco:ir510_wpan_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:23

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox - Vendor Advisory

Information

Published : 2019-09-25 21:15

Updated : 2024-11-21 04:23


NVD link : CVE-2019-12656

Mitre link : CVE-2019-12656

CVE.ORG link : CVE-2019-12656


JSON object : View

Products Affected

cisco

  • ie_2000-16tc-g-x
  • ie_2000-16ptc-g
  • ie_2000-16t67p
  • ie_2000-4t-g
  • ie_4000
  • ie_2000-16tc
  • ie_4000_firmware
  • cgr_1000_firmware
  • ie_2000-4ts-g
  • ie_2000-8t67
  • industrial_ethernet_2000_series_firmware
  • ic3000
  • ie_2000-4s-ts-g
  • ie_2000-24t67
  • ios
  • ie_2000-8tc-g-n
  • cgr_1000
  • ie_2000-8t67p
  • ie_2000-16tc-g-n
  • ie_2000-4t
  • ie_2000-16tc-g
  • ie_2000-16t67
  • ie_2000-8tc-g
  • ie_2000-16tc-g-e
  • ie_2000-8tc-g-e
  • ic3000_firmware
  • ir510_wpan_firmware
  • ie_2000-8tc
  • ie_2000-4ts
  • ir510_wpan
CWE
CWE-20

Improper Input Validation

NVD-CWE-noinfo