Vulnerabilities > CVE-2019-12647 - NULL Pointer Dereference vulnerability in Cisco IOS XE Fuji16.7.1/Fuji16.8.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
CWE-476
nessus

Summary

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCISCO
    NASL idCISCO-SA-20190925-IOS-XE-IDENTD-DOS.NASL
    descriptionAccording to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability exists in Ident protocol handler of Cisco IOS and IOS XE Software due to incorrectly handling memory structures, leading to a NULL pointer dereference. An unauthenticated, remote attacker can exploit this issue, via opening a TCP connection to specific ports and sending traffic over that connection, to cause the affected device to reload, resulting in a denial of service (DoS) condition. Please see the included Cisco BIDs and Cisco Security Advisory for more information
    last seen2020-06-01
    modified2020-06-02
    plugin id130022
    published2019-10-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130022
    titleCisco IOS XR gRPC Software Denial of Service Vulnerability
  • NASL familyCISCO
    NASL idCISCO-SA-20190925-IOS-IDENTD-DOS.NASL
    descriptionAccording to its self-reported version, Cisco IOS Software is affected by a denial of service (DoS) vulnerability exists in Ident protocol handler of Cisco IOS and IOS XE Software due to incorrectly handling memory structures, leading to a NULL pointer dereference. An unauthenticated, remote attacker can exploit this issue, via opening a TCP connection to specific ports and sending traffic over that connection, to cause the affected device to reload, resulting in a denial of service (DoS) condition. Please see the included Cisco BIDs and Cisco Security Advisory for more information
    last seen2020-06-01
    modified2020-06-02
    plugin id130021
    published2019-10-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130021
    titleCisco IOS XR gRPC Software Denial of Service Vulnerability