Vulnerability Description
A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | 16.9 |
| Cisco | Asr 902 | - |
| Cisco | Asr 902U | - |
| Cisco | Asr 903 | - |
| Cisco | Asr 907 | - |
| Cisco | Asr 914 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-12653?
CVE-2019-12653 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service...
How severe is CVE-2019-12653?
CVE-2019-12653 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12653?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Asr 902, Cisco Asr 902U, Cisco Asr 903, Cisco Asr 907.