CVE-2019-12714
First published: Wed Oct 02 2019(Updated: )
A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages system resources. An attacker could exploit this vulnerability by opening a large number of simultaneous sessions on the web-based management interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition of the web-based management interface, preventing normal management operations.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Ic3000 Industrial Compute Gateway Firmware | <1.1.1 | |
| Cisco IC3000 Industrial Compute Gateway |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco IC3000 Industrial Compute Gateway vulnerability?
The vulnerability ID for this Cisco IC3000 Industrial Compute Gateway vulnerability is CVE-2019-12714.
What is the severity of CVE-2019-12714?
The severity of CVE-2019-12714 is medium (CVSS score 6.5).
What is the affected software for CVE-2019-12714?
The affected software for CVE-2019-12714 is Cisco IC3000 Industrial Compute Gateway firmware version up to exclusive 1.1.1.
How can an attacker exploit CVE-2019-12714?
An attacker can exploit CVE-2019-12714 by sending specially crafted requests to the web-based management interface, causing a denial of service (DoS) condition on the affected device.
Is there a fix available for CVE-2019-12714?
Yes, Cisco has released a security advisory with mitigation details for CVE-2019-12714. It is recommended to follow the provided guidance to secure the affected devices.