First published: Wed Sep 25 2019(Updated: )
A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS | =15.2\(3\)e | |
Cisco IOS | =15.2\(3\)e5 | |
Cisco IOS | =16.11.1 | |
Cisco Catalyst 3560 | ||
Cisco Catalyst 3560-e | ||
Cisco Catalyst 3560-x |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-12669.
The severity of CVE-2019-12669 is high with a severity value of 7.5.
The affected software for CVE-2019-12669 includes Cisco IOS XE Software versions 15.2(3)e, 15.2(3)e5, and 16.11.1.
CVE-2019-12669 can allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
No, Cisco Catalyst 3560, 3560-e, and 3560-x are not vulnerable to CVE-2019-12669.