Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to cisco - ir510_wpan_firmware

Vulnerability from fkie_nvd

Published

2019-09-25 21:15

Modified

2024-11-21 04:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.

References

▼	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios	1.6.0.0
cisco	ios	1.8.0
cisco	industrial_ethernet_2000_series_firmware	15.2\(6\)e
cisco	ie_2000-16ptc-g	-
cisco	ie_2000-16t67	-
cisco	ie_2000-16t67p	-
cisco	ie_2000-16tc	-
cisco	ie_2000-16tc-g	-
cisco	ie_2000-16tc-g-e	-
cisco	ie_2000-16tc-g-n	-
cisco	ie_2000-16tc-g-x	-
cisco	ie_2000-24t67	-
cisco	ie_2000-4s-ts-g	-
cisco	ie_2000-4t	-
cisco	ie_2000-4t-g	-
cisco	ie_2000-4ts	-
cisco	ie_2000-4ts-g	-
cisco	ie_2000-8t67	-
cisco	ie_2000-8t67p	-
cisco	ie_2000-8tc	-
cisco	ie_2000-8tc-g	-
cisco	ie_2000-8tc-g-e	-
cisco	ie_2000-8tc-g-n	-
cisco	ic3000_firmware	-
cisco	ic3000	-
cisco	ie_4000_firmware	-
cisco	ie_4000	-
cisco	cgr_1000_firmware	-
cisco	cgr_1000	-
cisco	ir510_wpan_firmware	-
cisco	ir510_wpan	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:1.6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9990580-CCFA-4C08-B1F9-2B146B128165",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "15D787AC-2450-4FE9-900F-A2D50A3D9E5E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:industrial_ethernet_2000_series_firmware:15.2\\(6\\)e:*:*:*:*:*:*:*",
                     matchCriteriaId: "933211A2-3C1D-46F8-A435-11A181D2B7B1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-16ptc-g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E3C54BC-F0C3-4CD5-A828-950F1E537764",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-16t67:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEB95A76-4C4B-4B31-9B95-073315EA1661",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-16t67p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA7574BA-5131-4ADA-80BB-A684C7857592",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-16tc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0697A184-5E5D-4E55-88CE-BDBED39778AF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-16tc-g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EA858B6-806D-4F75-8035-A6D85214A820",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-16tc-g-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3995F5C-6BE8-482E-927A-C4236EF56923",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-16tc-g-n:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A52F5B73-81F0-468E-A063-A800D810DD19",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-16tc-g-x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FEA8EC5-E06E-40E5-9214-1F4740566260",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-24t67:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FB945A1-8A7D-4CF8-BCD1-2D337AE5677C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-4s-ts-g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB251F55-3D7B-43D2-BE92-FDBD69A901D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-4t:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE0EAB6F-34A3-4C45-805C-D78FD2EA1D57",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-4t-g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C158ED3F-3B4A-4A31-9095-C0BDD0DB157E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-4ts:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6732AE6D-4C6D-4EE5-B75A-69EB00C05DFB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-4ts-g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EDC4022-27F1-4A76-8216-88B8F06DAB36",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-8t67:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F068C426-6566-451A-AEF0-D6EDE4ACD883",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-8t67p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DC6AD5E-F50F-4390-8AC7-20AE626EA83B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-8tc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AB5C278-0255-4D46-A2AE-692164EB31C0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-8tc-g:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B0B225B-2517-4464-9E96-7A3D6CF9D502",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-8tc-g-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B9EDB59-4D01-4A94-9096-21E77F8A4118",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ie_2000-8tc-g-n:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F24E44C-7982-4706-90CA-1BE7EECCD6A6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ic3000_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD065690-EC49-4A34-8C64-57F0F26C8FF1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ic3000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "28FE9061-9E16-4ADC-89D9-A3355E06500D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ie_4000_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "393557A2-AC2D-46CF-BDA9-50827438B51A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ie_4000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DB78283-5904-4CF2-AF02-EB842A8B39C2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:cgr_1000_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5D1265-2B80-429C-AB46-6A1194157B6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:cgr_1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D4F35B7-7A47-45B7-967C-AB749BE346AA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ir510_wpan_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC33B8FC-C936-4672-B1A1-43AB1E956FC9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D29EAD2C-C9A3-4129-8C4F-1C0963826FA4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el entorno de la aplicación IOx de múltiples plataformas Cisco, podría permitir a un atacante remoto no autenticado causar que el servidor web IOx detenga el procesamiento de peticiones HTTPS, resultando en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a un problema de implementación de Transport Layer Security (TLS). Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes TLS diseñados hacia el servidor web IOx en un dispositivo afectado. Una explotación con éxito podría permitir que el atacante cause que el servidor web de IOx detenga el procesamiento de peticiones HTTPS, resultando en una condición DoS.",
      },
   ],
   id: "CVE-2019-12656",
   lastModified: "2024-11-21T04:23:16.617",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-09-25T21:15:10.827",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-02-12 04:15

Modified

2024-11-21 07:40

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

References

▼	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ic3000_industrial_compute_gateway	*
cisco	iox	-
cisco	ios_xe	*
cisco	ios_xe	*
cisco	ios_xe	17.10.0
cisco	cgr1240_firmware	*
cisco	cgr1240	-
cisco	cgr1000_firmware	*
cisco	cgr1000	-
cisco	ir510_wpan_firmware	*
cisco	ir510_wpan	-
cisco	829_industrial_integrated_services_router_firmware	*
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m1
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m2
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m2a
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m3
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m4
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m4a
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m5
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m6a
cisco	829_industrial_integrated_services_router_firmware	15.9\(3\)m6b
cisco	829_industrial_integrated_services_router	-
cisco	807_industrial_integrated_services_router_firmware	*
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m1
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m2
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m2a
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m3
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m4
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m4a
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m5
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m6a
cisco	807_industrial_integrated_services_router_firmware	15.9\(3\)m6b
cisco	807_industrial_integrated_services_router	-
cisco	809_industrial_integrated_services_router_firmware	*
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m1
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m2
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m2a
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m3
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m4
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m4a
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m5
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m6a
cisco	809_industrial_integrated_services_router_firmware	15.9\(3\)m6b
cisco	809_industrial_integrated_services_router	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0123C40-42E9-4DA1-A333-1249D52FE05F",
                     versionEndExcluding: "1.4.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:iox:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "41E74F18-C63E-4A10-99C2-51907E199BC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F708D7F-6673-489E-9B2D-796AF552D7A2",
                     versionEndExcluding: "17.6.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9FC38B1-5F12-496F-8843-F119DB2D684C",
                     versionEndExcluding: "17.9.2",
                     versionStartIncluding: "17.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:17.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC868609-83CD-4FBA-A842-18CD4F07D8D4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:cgr1240_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F343CE69-D1C6-4CB3-97CF-AC480FA6802D",
                     versionEndExcluding: "1.16.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:cgr1240:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1FE609C-8021-48C8-AF15-F176D82A9B23",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:cgr1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F17050EB-5D47-4287-A2E7-518A811157A7",
                     versionEndExcluding: "1.16.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:cgr1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A7C73AA-7DBA-43BD-819B-1CA5228CFB0B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ir510_wpan_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CF8D8F3-C04A-4A32-B7DF-7649506B83D1",
                     versionEndExcluding: "1.10.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D29EAD2C-C9A3-4129-8C4F-1C0963826FA4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "94A8B23B-89DC-4BD2-AC3B-E73169F42F6C",
                     versionEndExcluding: "15.9\\(3\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0E5C422-7131-49C5-B05C-11CDC97373BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m1:*:*:*:*:*:*:*",
                     matchCriteriaId: "313940F2-909D-4BAB-BC1C-CA9419F4E9A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m2:*:*:*:*:*:*:*",
                     matchCriteriaId: "887AA4F7-7A63-4FAF-89E9-B992FF8C0F46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1EEADC2-0938-48F8-8ED4-7A2643B6BAE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A79FD2A7-F49F-40CA-B721-AD222DD16CA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m4:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE95BEF3-E236-4B08-A3C5-210A094AB41E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D097582-7C84-4899-93C4-B16692A41302",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m5:*:*:*:*:*:*:*",
                     matchCriteriaId: "86891B33-4B66-48C1-933B-75187404B129",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m6a:*:*:*:*:*:*:*",
                     matchCriteriaId: "372E3DB5-5296-4353-9A2B-0A8040F07BA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m6b:*:*:*:*:*:*:*",
                     matchCriteriaId: "20FCE500-AD08-40CE-8956-2997C9200B41",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "398D63B0-F15B-409B-AFBC-DE6C94FAF815",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FB92E03-2956-4AC1-831F-152FCBA01092",
                     versionEndExcluding: "15.9\\(3\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FA00C2A-CFC0-498B-8EA7-989FA2B78A2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m1:*:*:*:*:*:*:*",
                     matchCriteriaId: "308D1626-255D-4266-B2E1-B6D34D7D8881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA3B170E-B248-4E9E-968B-A6320AAF3601",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "E20439B8-530E-4C49-AFBE-5AFAC95BA994",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m3:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDA253BF-10DF-4819-A165-9E9049B14D74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FA057DC-F9D9-4A96-9AAF-86303A4D21A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DF79F40-DA37-4A36-95BD-7FDD8D41783F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0DB4FDC-3152-4144-A85B-920577D65BC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m6a:*:*:*:*:*:*:*",
                     matchCriteriaId: "564BC14B-465D-4E3D-A37A-15ED0AE65AA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m6b:*:*:*:*:*:*:*",
                     matchCriteriaId: "5612E330-FA91-4DA5-9D74-4E262769E388",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EEA0369-B5B1-41FD-98EE-F7F4EAB9863D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF306339-36B4-4549-8C8D-C7530C575D9B",
                     versionEndExcluding: "15.9\\(3\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA50E936-DFBC-4B6A-9AE3-763CBD2EA2CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8088D28-AA6B-4CA8-B120-9993D0C8035F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m2:*:*:*:*:*:*:*",
                     matchCriteriaId: "73D568BB-6646-4366-8D8F-87B829AC018F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "352566DD-EF2B-49A0-9CFF-3C67152DE403",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m3:*:*:*:*:*:*:*",
                     matchCriteriaId: "18E645F0-179C-43F4-9B12-2485B3C1924C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0C1A3AB-E91B-4A59-8E49-C7E722A97F38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5D4FD9E-A505-4819-B57D-458A24C7E0AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A299F13E-02DD-490E-96F7-02BF7B21A46D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m6a:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD17542-1D24-4D1B-A123-B773BA66326E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m6b:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D5F1604-4189-4585-8E94-0BD1F02A125C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF4558F1-B87C-439F-AF8F-C19AACAB80E0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.",
      },
   ],
   id: "CVE-2023-20076",
   lastModified: "2024-11-21T07:40:29.813",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-12T04:15:19.287",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-233",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2023-20076

Vulnerability from cvelistv5

Published

2023-02-12 00:00

Modified

2024-10-28 16:34

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL	vendor-advisory

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:57:35.567Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20230201 Cisco IOx Application Hosting Environment Command Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20076",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-28T16:19:27.545112Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-28T16:34:17.566Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IOS ",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2023-02-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory. ",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-233",
                     description: "CWE-233",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-05T00:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20230201 Cisco IOx Application Hosting Environment Command Injection Vulnerability",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL",
            },
         ],
         source: {
            advisory: "cisco-sa-iox-8whGn5dL",
            defect: [
               [
                  "CSCwc66882",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IOx Application Hosting Environment Command Injection Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20076",
      datePublished: "2023-02-12T00:00:00",
      dateReserved: "2022-10-27T00:00:00",
      dateUpdated: "2024-10-28T16:34:17.566Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-12656

Vulnerability from cvelistv5

Published

2019-09-25 20:16

Modified

2024-11-19 18:55

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Industrial Routers Operating System Software	Version: unspecified < n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:24:39.211Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20190925 Cisco IOx Application Environment Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-12656",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-19T17:22:54.533965Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-19T18:55:13.497Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Industrial Routers Operating System Software",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-09-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-25T20:16:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20190925 Cisco IOx Application Environment Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox",
            },
         ],
         source: {
            advisory: "cisco-sa-20190925-iox",
            defect: [
               [
                  "CSCvo19668",
                  "CSCvo42730",
                  "CSCvp28143",
                  "CSCvp28178",
                  "CSCvq86542",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IOx Application Environment Denial of Service Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-09-25T16:00:00-0700",
               ID: "CVE-2019-12656",
               STATE: "PUBLIC",
               TITLE: "Cisco IOx Application Environment Denial of Service Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Industrial Routers Operating System Software",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "7.5",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-20",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20190925 Cisco IOx Application Environment Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20190925-iox",
               defect: [
                  [
                     "CSCvo19668",
                     "CSCvo42730",
                     "CSCvp28143",
                     "CSCvp28178",
                     "CSCvq86542",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-12656",
      datePublished: "2019-09-25T20:16:01.334905Z",
      dateReserved: "2019-06-04T00:00:00",
      dateUpdated: "2024-11-19T18:55:13.497Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}