high
7.5
CWE
20
Advisory Published
Updated

CVE-2019-12656: Cisco IOx Application Environment Denial of Service Vulnerability

First published: Wed Sep 25 2019(Updated: )

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco IOS=1.6.0.0
Cisco IOS=1.8.0
Cisco Industrial Ethernet 2000 Series Firmware=15.2\(6\)e
Cisco Ie 2000-16ptc-g
Cisco Ie 2000-16t67
Cisco Ie 2000-16t67p
Cisco Ie 2000-16tc
Cisco Ie 2000-16tc-g
Cisco Ie 2000-16tc-g-e
Cisco Ie 2000-16tc-g-n
Cisco Ie 2000-16tc-g-x
Cisco Ie 2000-24t67
Cisco Ie 2000-4s-ts-g
Cisco Ie 2000-4t
Cisco Ie 2000-4t-g
Cisco Ie 2000-4ts
Cisco Ie 2000-4ts-g
Cisco Ie 2000-8t67
Cisco Ie 2000-8t67p
Cisco Ie 2000-8tc
Cisco Ie 2000-8tc-g
Cisco Ie 2000-8tc-g-e
Cisco Ie 2000-8tc-g-n
Cisco Ic3000 Firmware
Cisco Ic3000
Cisco Ie 4000 Firmware
Cisco Ie 4000
Cisco Cgr 1000 Firmware
Cisco Cgr 1000
Cisco Ir510 Wpan Firmware
Cisco Ir510 Wpan

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2019-12656?

    CVE-2019-12656 is a vulnerability in the IOx application environment of multiple Cisco platforms that could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition.

  • Which Cisco platforms are affected by CVE-2019-12656?

    CVE-2019-12656 affects Cisco IOS versions 1.6.0.0 and 1.8.0, as well as Cisco Industrial Ethernet 2000 Series Firmware version 15.2(6)e.

  • What is the severity level of CVE-2019-12656?

    CVE-2019-12656 has a severity level of 7.5, which is considered high.

  • How can I fix CVE-2019-12656?

    To fix CVE-2019-12656, Cisco recommends applying the necessary updates or workarounds as mentioned in the advisory provided by Cisco.

  • Where can I find more information about CVE-2019-12656?

    You can find more information about CVE-2019-12656 in the Cisco Security Advisory at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203