1. Home
  2. CVE Database
  3. CVE-2019-12656
HIGH · 7.5

CVE-2019-12656

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting ...

Vulnerability Description

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoIos1.6.0.0
CiscoIndustrial Ethernet 2000 Series Firmware15.2\(6\)e
CiscoIe 2000-16Ptc-G-
CiscoIe 2000-16T67-
CiscoIe 2000-16T67P-
CiscoIe 2000-16Tc-
CiscoIe 2000-16Tc-G-
CiscoIe 2000-16Tc-G-E-
CiscoIe 2000-16Tc-G-N-
CiscoIe 2000-16Tc-G-X-
CiscoIe 2000-24T67-
CiscoIe 2000-4S-Ts-G-
CiscoIe 2000-4T-
CiscoIe 2000-4T-G-
CiscoIe 2000-4Ts-
CiscoIe 2000-4Ts-G-
CiscoIe 2000-8T67-
CiscoIe 2000-8T67P-
CiscoIe 2000-8Tc-
CiscoIe 2000-8Tc-G-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2019-12656?

CVE-2019-12656 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting ...

How severe is CVE-2019-12656?

CVE-2019-12656 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12656?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Industrial Ethernet 2000 Series Firmware, Cisco Ie 2000-16Ptc-G, Cisco Ie 2000-16T67, Cisco Ie 2000-16T67P.