First published: Wed Sep 25 2019
A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | =16.6.4 | |
Cisco IOS XE | =16.12.1 | |
Cisco Catalyst 9300-24p-a Firmware | ||
Cisco Catalyst 9300-24p-e Firmware | ||
Cisco Catalyst 9300-24s-a Firmware | ||
Cisco Catalyst 9300-24s-e Firmware | ||
Cisco Catalyst 9300-24T-A Firmware | ||
Cisco Catalyst 9300-24t-e Firmware | ||
Cisco Catalyst 9300-24u-a Firmware | ||
Cisco Catalyst 9300-24u-e Firmware | ||
Cisco Catalyst 9300-24ux-a Firmware | ||
Cisco Catalyst 9300-24ux-e Firmware | ||
Cisco Catalyst 9300-48p-a Firmware | ||
Cisco Catalyst 9300-48p-e Firmware | ||
Cisco Catalyst 9300-48s-a Firmware | ||
Cisco Catalyst 9300-48s-e Firmware | ||
Cisco Catalyst 9300-48T-A Firmware | ||
Cisco Catalyst 9300-48t-e Firmware | ||
Cisco Catalyst 9300-48U-A Firmware | ||
Cisco Catalyst 9300-48u-e Firmware | ||
Cisco Catalyst 9300-48un-a Firmware | ||
Cisco Catalyst 9300-48un-e Firmware | ||
Cisco Catalyst 9300-48UXM-A Firmware | ||
Cisco Catalyst 9300-48uxm-e Firmware | ||
Cisco Catalyst 9300L-24P-4G-A Firmware | ||
Cisco Catalyst 9300l-24p-4g-e Firmware | ||
Cisco Catalyst 9300L-24P-4X-A Firmware | ||
Cisco Catalyst 9300L-48P-4X-E Firmware | ||
Cisco Catalyst 9300l-24t-4g-a Firmware | ||
Cisco Catalyst 9300L-24T-4G-E Firmware | ||
Cisco Catalyst 9300L-24T-4X-A Firmware | ||
Cisco Catalyst 9300L-24T-4X-E Firmware | ||
Cisco Catalyst 9300L-48P-4G-A Firmware | ||
Cisco Catalyst 9300l-48p-4g-e Firmware | ||
Cisco Catalyst 9300l-48p-4x-a Firmware | ||
Cisco Catalyst 9300L-48P-4X-E Firmware | ||
Cisco Catalyst 9300l-48t-4g-a Firmware | ||
Cisco Catalyst 9300l-48t-4g-e Firmware | ||
Cisco Catalyst 9300l-48t-4x-a Firmware | ||
Cisco Catalyst 9300L-48T-4X-E Firmware | ||
Cisco Catalyst 9300L Stack | ||
Cisco Catalyst C9500-12Q-A | ||
Cisco Catalyst 9500 | ||
Cisco Catalyst C9500-16X-A | ||
Cisco Catalyst 9500 Series | ||
Cisco Catalyst C9500 Series Switches | ||
Cisco Catalyst 9500 | ||
Cisco Catalyst 9500-40X-A | ||
Cisco Catalyst 9500-40X-E | ||
Cisco cBR-8 Converged Broadband Routers | ||
This vulnerability in the Cisco TrustSec (CTS) PAC provisioning module is tracked as CVE-2019-12663.
The severity of CVE-2019-12663 is high with a CVSS score of 8.6.
This vulnerability affects Cisco IOS XE Software versions 16.6.4 and 16.12.1.
The vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by causing a reload of the affected device.
To fix CVE-2019-12663, update your Cisco IOS XE Software to a fixed software release.