First published: Wed Sep 25 2019
A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | =16.6.4 | |
Cisco IOS XE | =16.12.1 | |
Cisco Catalyst 9300-24p-a | | |
Cisco Catalyst 9300-24p-e | | |
Cisco Catalyst 9300-24s-a | | |
Cisco Catalyst 9300-24s-e | | |
Cisco Catalyst 9300-24t-a | | |
Cisco Catalyst 9300-24t-e | | |
Cisco Catalyst 9300-24u-a | | |
Cisco Catalyst 9300-24u-e | | |
Cisco Catalyst 9300-24ux-a | | |
Cisco Catalyst 9300-24ux-e | | |
Cisco Catalyst 9300-48p-a | | |
Cisco Catalyst 9300-48p-e | | |
Cisco Catalyst 9300-48s-a | | |
Cisco Catalyst 9300-48s-e | | |
Cisco Catalyst 9300-48t-a | | |
Cisco Catalyst 9300-48t-e | | |
Cisco Catalyst 9300-48u-a | | |
Cisco Catalyst 9300-48u-e | | |
Cisco Catalyst 9300-48un-a | | |
Cisco Catalyst 9300-48un-e | | |
Cisco Catalyst 9300-48uxm-a | | |
Cisco Catalyst 9300-48uxm-e | | |
Cisco Catalyst 9300l-24p-4g-a | | |
Cisco Catalyst 9300l-24p-4g-e | | |
Cisco Catalyst 9300l-24p-4x-a | | |
Cisco Catalyst 9300l-24p-4x-e | | |
Cisco Catalyst 9300l-24t-4g-a | | |
Cisco Catalyst 9300l-24t-4g-e | | |
Cisco Catalyst 9300l-24t-4x-a | | |
Cisco Catalyst 9300l-24t-4x-e | | |
Cisco Catalyst 9300l-48p-4g-a | | |
Cisco Catalyst 9300l-48p-4g-e | | |
Cisco Catalyst 9300l-48p-4x-a | | |
Cisco Catalyst 9300l-48p-4x-e | | |
Cisco Catalyst 9300l-48t-4g-a | | |
Cisco Catalyst 9300l-48t-4g-e | | |
Cisco Catalyst 9300l-48t-4x-a | | |
Cisco Catalyst 9300l-48t-4x-e | | |
Cisco Catalyst 9300l Stack | | |
Cisco Catalyst C9500-12q-a | | |
Cisco Catalyst C9500-12q-e | | |
Cisco Catalyst C9500-16x-a | | |
Cisco Catalyst C9500-16x-e | | |
Cisco Catalyst C9500-24q-a | | |
Cisco Catalyst C9500-24q-e | | |
Cisco Catalyst C9500-40x-a | | |
Cisco Catalyst C9500-40x-e | | |
Cisco cBR-8 Converged Broadband Router | | |
The vulnerability ID for this Cisco TrustSec (CTS) PAC provisioning module vulnerability is CVE-2019-12663.
The severity of CVE-2019-12663 is high with a CVSS score of 8.6.
This vulnerability affects Cisco IOS XE Software versions 16.6.4 and 16.12.1.
The vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by causing a reload of the affected device.
To fix CVE-2019-12663, update your Cisco IOS XE Software to a fixed software release.