A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dosĀ - Vendor Advisory |
Information
Published : 2019-09-25 21:15
Updated : 2024-11-21 04:23
NVD link : CVE-2019-12663
Mitre link : CVE-2019-12663
CVE.ORG link : CVE-2019-12663
JSON object : View
Products Affected
cisco
- catalyst_9300-24u-a
- catalyst_9300-48s-e
- catalyst_9300-48p-e
- catalyst_9300-48u-a
- catalyst_9300-48u-e
- catalyst_c9500-16x-a
- catalyst_9300-48t-a
- catalyst_9300l-24t-4x-a
- catalyst_9300-24s-e
- catalyst_9300l-48p-4g-e
- catalyst_9300l-48p-4x-a
- catalyst_c9500-40x-e
- catalyst_9300l-48p-4g-a
- catalyst_c9500-24q-a
- catalyst_9300-24ux-a
- catalyst_9300-24u-e
- catalyst_9300-24s-a
- ios_xe
- catalyst_9300l-24p-4x-e
- catalyst_9300l-48t-4g-a
- catalyst_c9500-16x-e
- catalyst_c9500-24q-e
- catalyst_9300l-48t-4g-e
- catalyst_9300l-48t-4x-a
- catalyst_9300l-24t-4x-e
- catalyst_9300l-24p-4g-a
- catalyst_9300l-48t-4x-e
- catalyst_9300-48uxm-a
- catalyst_c9500-12q-a
- catalyst_c9500-40x-a
- catalyst_9300-48t-e
- catalyst_9300-48un-e
- catalyst_9300-24t-e
- catalyst_9300-24ux-e
- catalyst_9300-48s-a
- catalyst_9300l-24t-4g-e
- catalyst_9300l-48p-4x-e
- catalyst_9300-48un-a
- catalyst_9300-48p-a
- catalyst_9300l-24p-4g-e
- catalyst_c9500-12q-e
- cbr-8_converged_broadband_router
- catalyst_9300-24p-e
- catalyst_9300-24p-a
- catalyst_9300-48uxm-e
- catalyst_9300l-24p-4x-a
- catalyst_9300l_stack
- catalyst_9300-24t-a
- catalyst_9300l-24t-4g-a
CWE
CWE-20
Improper Input Validation