Cisco IOS XE Denial of Service Vulnerability (cisco-sa-20190925-sip-dos)

high Nessus Plugin ID 129695

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A denial of service (DoS) vulnerability exists in the Session Initiation Protocol (SIP) component of Cisco IOS XE due to insufficient checks on an internal data structure that is populated with user-submitted data. An unauthenticated, remote attacker can exploit this issue to force a restart of the system.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvn00218.

See Also

http://www.nessus.org/u?6e59804f

http://www.nessus.org/u?e0995245

Plugin Details

Severity: High

ID: 129695

File Name: cisco-sa-20190925-sip-dos-iosxe.nasl

Version: 1.14

Type: combined

Family: CISCO

Published: 10/8/2019

Updated: 5/3/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-12654

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/25/2019

Vulnerability Publication Date: 9/25/2019

Reference Information

CVE: CVE-2019-12654

CWE: 476

CISCO-SA: cisco-sa-20190925-sip-dos

IAVA: 2019-A-0354-S

CISCO-BUG-ID: CSCvn00218