{ "id": "CVE-2019-12663", "sourceIdentifier": "ykramarz@cisco.com", "published": "2019-09-25T21:15:11.267", "lastModified": "2019-10-09T23:46:01.043", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state." }, { "lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo de aprovisionamiento Cisco TrustSec (CTS) Protected Access Credential (PAC) del software Cisco IOS XE, podr\u00eda permitir a un atacante remoto no autenticado causar una recarga de un dispositivo afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a la comprobaci\u00f3n inapropiada de atributos en los mensajes RADIUS. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un mensaje RADIUS malicioso hacia un dispositivo afectado mientras el dispositivo se encuentra en un estado espec\u00edfico." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 4.0 } ], "cvssMetricV30": [ { "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.2, "impactScore": 4.0 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] }, { "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "65020120-491D-46CD-8C73-974B6F4C11E6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24p-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3765B3DB-8B1B-46EF-AF7D-ED1EB2079C3A" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24p-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "74AED057-2458-4DE0-8D51-ABD766D07F68" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24s-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "19538C03-5FB8-4401-8B21-489C629D7E7D" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24s-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "B26D7061-F471-4DF0-A892-ED132958B84A" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24t-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "033ED443-80E7-4012-9825-07AAC0D44B96" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24t-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD3F3CC6-A349-47B1-B282-B6458683C191" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24u-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB24EF21-1C10-48A7-BC68-FFC842A28D12" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24u-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED0625A2-BF14-4552-83D8-AEE0A04EA023" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD0D6ED6-AE64-4E20-B9CD-3EAA22709CFF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "21AFDC0D-7629-424E-827B-C8A8767324C3" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48p-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "A263CFF2-A659-405B-90EA-51E49B25C6D3" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48p-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEFBD449-217D-4569-99F7-D56B853A3E07" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48s-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "7ED668FC-D1A5-4175-A234-23760BA6E788" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48s-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D650C48-9241-42F7-87A9-20733329489A" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48t-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ED16A65-9AFF-4825-95D1-162FBA0F566D" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48t-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "82D345E7-8208-41AC-B11A-4425D29E98A1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48u-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E386D461-F1C1-4970-B056-D6119E74D449" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48u-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "99F3A466-F665-4132-ABC4-2DFC0A7E2B55" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48un-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3395168-FF2E-4CB6-AABE-5E36DEB241CA" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48un-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F525CBC-1CE6-4CAB-B1C1-DFA7EA462EF0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "226F985C-4669-4D0A-9DB4-CB1465B37B02" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B736A43-6F4E-40A9-84E4-D9E251489234" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "26437DA7-2EFE-4CA2-8DB0-9FECBEFAE4EA" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "E99CA124-7D86-463B-A31E-A7836B7493E6" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E014B028-8DD9-428C-B705-8F428F145932" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6C44229-A842-49B2-AD3E-79C83DB63EBE" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D56D21F-0F55-4AB1-AB9B-8EAE08F4BEDA" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3C0441D-A7AC-4B4E-970A-3A441C2F66B0" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5306E847-C718-4C83-9C97-8AB498DC4A88" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "18287CEF-B574-4498-A256-567CA6E6CA7C" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E9AAA2C-495E-4FD1-9050-264FDC25254B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "5713043E-2535-4540-B3EF-41FAC40BECE9" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C0C18E5-45B9-49D2-A4AB-DD8D5CB04C5C" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "67701D77-8B03-446A-AE22-4B8CCCD6F029" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B0BEAE3-2056-4B7B-8D7C-AEE3DC86CC2A" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "831A2390-7170-4FC0-A95E-3DAB1791017D" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F788CBC4-782F-4A43-AC80-4AEF1C43A22D" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "493989DC-8F1B-45C9-AD11-38B97B958C9C" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_9300l_stack:-:*:*:*:*:*:*:*", "matchCriteriaId": "419ABFB5-2C27-4EBE-98EF-8A8B718CD1F9" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_c9500-12q-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D09786E-BB71-4ECA-878A-2CD33EE2DFF2" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_c9500-12q-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "32A2AD4E-27B8-4022-90D5-34DA597B55E1" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_c9500-16x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F69531D5-09B2-407D-8361-2FD7C93FF841" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_c9500-16x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB3D5CED-76D9-4A9C-8FD2-34DDED24E714" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_c9500-24q-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC50F73C-5026-44E0-AE29-E8AD3A112FC6" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_c9500-24q-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "24FF0D66-D25B-4240-883D-8B02B17DB1A8" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_c9500-40x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "45233420-4380-4D64-B46D-D400A7224CA5" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:catalyst_c9500-40x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7925AF68-4E36-4281-A710-070DD4BEDA8B" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:cbr-8_converged_broadband_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6CCBE67-E509-43EC-9AFB-8A9B6A115126" } ] } ] } ], "references": [ { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }