Vulnerability Description
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | 15.4\(3\)s |
| Cisco | 1100-4P | - |
| Cisco | 1100-8P | - |
| Cisco | 1101-4P | - |
| Cisco | 1109-2P | - |
| Cisco | 1109-4P | - |
| Cisco | 1111X-8P | - |
| Cisco | 4221 Integrated Services Router | - |
| Cisco | 4331 Integrated Services Router | - |
| Cisco | Csr 1000V | - |
| Cisco | Encs 5100 | - |
| Cisco | Encs 5400 | - |
| Cisco | Isrv | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-12646?
CVE-2019-12646 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to c...
How severe is CVE-2019-12646?
CVE-2019-12646 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12646?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco 1100-4P, Cisco 1100-8P, Cisco 1101-4P, Cisco 1109-2P.