PT-2019-3333 · Cisco · Cisco Ios Xe+2

Published

2019-09-25

Updated

2020-10-08

CVE-2019-12669

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Recommendations Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-03440

CVE-2019-12669

Affected Products

Cisco Ios Xe

Cisco Ios

Cisco Trustsec

PT-2019-3333 · Cisco · Cisco Ios Xe+2

CVE-2019-12669

Weakness Enumeration

Related Identifiers

Affected Products

References · 4