First published: Wed Sep 25 2019
A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | =16.9 | |
Cisco IOS XE | =16.10.1 | |
Cisco ASR 902 | | |
Cisco ASR 902U | | |
Cisco ASR 903 | | |
Cisco ASR 907 | | |
Cisco ASR 914 | | |
CVE-2019-12653 is a vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software that could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
The severity of CVE-2019-12653 is high with a CVSS score of 7.5.
CVE-2019-12653 affects Cisco IOS XE Software versions 16.9 and 16.10.1.
An unauthenticated, remote attacker can exploit CVE-2019-12653 by sending malicious Raw Socket Transport payloads to the affected device.
Cisco has released a security advisory with information on how to mitigate the vulnerability. Refer to the Cisco Security Advisory for more details.