Cisco has assigned the identifier CVE-2019-12520 to this vulnerability. There are no known workarounds at this time. Cisco has released software updates that address this vulnerability. There are no known cases of active exploitation. Exploits that target this vulnerability are likely to be publicly available. Cisco customers should update to the latest releases as soon as possible. Customers may also consider applying the suggested mitigations. - Restrict access to the affected devices. - Restrict access to the CIP server. - Restrict access to the management network. - Restrict access to the affected devices via a firewall. - Restrict access to the CIP server via a firewall. - Restrict access to the management network via a firewall. - Restrict access to the affected devices via a host-based firewall. - Restrict access to the CIP server via a host-based firewall. - Restrict access to the management network via a host-based firewall. - Restrict access to the affected devices via a router or switch. - Restrict access to the CIP server via a router or switch. - Restrict access to the management network via a router or switch. - Restrict access to the affected devices via a virtual private network (VPN).
Vulnerability Description
This vulnerability is a vulnerability in the Cisco IOS Software, specifically the Cisco IOS CIP server. This vulnerability could allow an unauthenticated, remote attacker to cause a reload of an affected device or execute arbitrary code on an affected device. The vulnerability is due to insufficient input validation of certain parameters by the CIP server. An attacker could exploit this vulnerability by sending crafted packets to the affected system via IPv4 or IPv6.
Cisco has verified that its products are not affected by the vulnerability described in CVE-2019-12520.
Cisco has confirmed that its products are not affected by this vulnerability and has released software updates to address the identified vulnerabilities. Cisco customers should update to the latest releases as soon as possible. Customers may also consider applying the suggested mitigations.
Cisco Product Updates
Cisco has resolved a vulnerability in Cisco IOS, Cisco IOS XE, and Cisco IOS XR software. These updates address the vulnerability identified by CVE-2019-12520 that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Timeline
Published on: 09/30/2022 19:15:00 UTC
Last modified on: 10/05/2022 16:10:00 UTC