CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12654

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.5%

CVSS Severity

CVSS v3 Score 8.6

CVSS v2 Score 7.8

References

Products affected by CVE-2019-12654

Cisco » 1000 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:1000_integrated_services_router:-
Cisco » 1100 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:1100_integrated_services_router:-
Cisco » 4000 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:4000_integrated_services_router:-
Cisco » 4221 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:4221_integrated_services_router:-
Cisco » 4321 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:4321_integrated_services_router:-
Cisco » 4331 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:4331_integrated_services_router:-
Cisco » 4351 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:4351_integrated_services_router:-
Cisco » 4431 Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:4431_integrated_services_router:-
Cisco » 4451-X Integrated Services Router » Version: N/A

cpe:2.3:h:cisco:4451-x_integrated_services_router:-
Cisco » Asr 1000 » Version: N/A

cpe:2.3:h:cisco:asr_1000:-
Cisco » Asr 1001-Hx » Version: N/A

cpe:2.3:h:cisco:asr_1001-hx:-
Cisco » Asr 1001-X » Version: N/A

cpe:2.3:h:cisco:asr_1001-x:-
Cisco » Asr 1002-Hx » Version: N/A

cpe:2.3:h:cisco:asr_1002-hx:-
Cisco » Asr 1002-X » Version: N/A

cpe:2.3:h:cisco:asr_1002-x:-
Cisco » Cloud Services Router 1000v » Version: N/A

cpe:2.3:h:cisco:cloud_services_router_1000v:-
Cisco » Integrated Services Virtual Router » Version: N/A

cpe:2.3:h:cisco:integrated_services_virtual_router:-
Cisco » Ios Xe » Version: 15.6(1)s4.2

cpe:2.3:o:cisco:ios_xe:15.6(1)s4.2
Cisco » Ios Xe » Version: 16.3.8

cpe:2.3:o:cisco:ios_xe:16.3.8
Cisco » Ios Xe » Version: 16.9.1

cpe:2.3:o:cisco:ios_xe:16.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12654

Products

Pricing

Contact Us