Vulnslist

find the latest Cisco vulnerabilities

Cisco IOx Application Environment Denial of Service Vulnerability

cisco-sa-20190925-iox · High · Published · Updated

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox This advisory is part of the September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2019-12656
Cisco Bug IDsCSCvo19668, CSCvp28143, CSCvp28178, CSCvo42730, CSCvq86542
CVSS ScoreBase 7.5
Base 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Industrial Routers Operating System Software, Cisco IOx, Cisco Industrial Compute Gateway Software, Cisco IOS 15.0(2)SG11a, Cisco IOS 15.2(5)E1, Cisco IOS 15.2(5)E2, Cisco IOS 15.2(6)E, Cisco IOS 15.2(5)E2b, Cisco IOS 15.2(5)E2c, Cisco IOS 15.2(6)E0a, Cisco IOS 15.2(6)E1, Cisco IOS 15.2(6)E0c, Cisco IOS 15.2(6)E1a, Cisco IOS 15.2(6)E1s, Cisco IOS 15.2(6)E2a, Cisco IOS 15.2(6)E3, Cisco IOS 15.3(3)JAA1

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2019-12656 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2019-12656 Cisco OpenVuln
Cisco Meraki MS Series Switches CVE-2019-12656 Cisco OpenVuln
Cisco IOS XE Software CVE-2019-12656 Cisco OpenVuln
Cisco IOS Software CVE-2019-12656 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2019-12656 Cisco OpenVuln
Cisco Industrial Routers Operating System Software CVE-2019-12656 Cisco OpenVuln
Cisco Industrial Compute Gateway Software CVE-2019-12656 Cisco OpenVuln
Cisco IOx CVE-2019-12656 Cisco OpenVuln
Cisco IOS CVE-2019-12656 Cisco OpenVuln