{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE Software ", "vendor": "Cisco", "versions": [{"lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-09-25T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-09-25T20:15:34", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190925 Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos"}], "source": {"advisory": "cisco-sa-20190925-ctspac-dos", "defect": [["CSCvo79239"]], "discovery": "INTERNAL"}, "title": "Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-09-25T16:00:00-0700", "ID": "CVE-2019-12663", "STATE": "PUBLIC", "TITLE": "Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE Software ", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "6.8", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "20190925 Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos"}]}, "source": {"advisory": "cisco-sa-20190925-ctspac-dos", "defect": [["CSCvo79239"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-12663", "datePublished": "2019-09-25T00:00:00", "dateReserved": "2019-06-04T00:00:00", "dateUpdated": "2019-09-25T20:15:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "65020120-491D-46CD-8C73-974B6F4C11E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9300-24p-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3765B3DB-8B1B-46EF-AF7D-ED1EB2079C3A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24p-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "74AED057-2458-4DE0-8D51-ABD766D07F68", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24s-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "19538C03-5FB8-4401-8B21-489C629D7E7D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24s-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "B26D7061-F471-4DF0-A892-ED132958B84A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24t-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "033ED443-80E7-4012-9825-07AAC0D44B96", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24t-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD3F3CC6-A349-47B1-B282-B6458683C191", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24u-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB24EF21-1C10-48A7-BC68-FFC842A28D12", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24u-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED0625A2-BF14-4552-83D8-AEE0A04EA023", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD0D6ED6-AE64-4E20-B9CD-3EAA22709CFF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "21AFDC0D-7629-424E-827B-C8A8767324C3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48p-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "A263CFF2-A659-405B-90EA-51E49B25C6D3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48p-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEFBD449-217D-4569-99F7-D56B853A3E07", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48s-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "7ED668FC-D1A5-4175-A234-23760BA6E788", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48s-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D650C48-9241-42F7-87A9-20733329489A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48t-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ED16A65-9AFF-4825-95D1-162FBA0F566D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48t-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "82D345E7-8208-41AC-B11A-4425D29E98A1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48u-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E386D461-F1C1-4970-B056-D6119E74D449", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48u-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "99F3A466-F665-4132-ABC4-2DFC0A7E2B55", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48un-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3395168-FF2E-4CB6-AABE-5E36DEB241CA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48un-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F525CBC-1CE6-4CAB-B1C1-DFA7EA462EF0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "226F985C-4669-4D0A-9DB4-CB1465B37B02", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B736A43-6F4E-40A9-84E4-D9E251489234", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "26437DA7-2EFE-4CA2-8DB0-9FECBEFAE4EA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "E99CA124-7D86-463B-A31E-A7836B7493E6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E014B028-8DD9-428C-B705-8F428F145932", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6C44229-A842-49B2-AD3E-79C83DB63EBE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D56D21F-0F55-4AB1-AB9B-8EAE08F4BEDA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3C0441D-A7AC-4B4E-970A-3A441C2F66B0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5306E847-C718-4C83-9C97-8AB498DC4A88", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "18287CEF-B574-4498-A256-567CA6E6CA7C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E9AAA2C-495E-4FD1-9050-264FDC25254B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "5713043E-2535-4540-B3EF-41FAC40BECE9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C0C18E5-45B9-49D2-A4AB-DD8D5CB04C5C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "67701D77-8B03-446A-AE22-4B8CCCD6F029", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B0BEAE3-2056-4B7B-8D7C-AEE3DC86CC2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "831A2390-7170-4FC0-A95E-3DAB1791017D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F788CBC4-782F-4A43-AC80-4AEF1C43A22D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "493989DC-8F1B-45C9-AD11-38B97B958C9C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9300l_stack:-:*:*:*:*:*:*:*", "matchCriteriaId": "419ABFB5-2C27-4EBE-98EF-8A8B718CD1F9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_c9500-12q-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D09786E-BB71-4ECA-878A-2CD33EE2DFF2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_c9500-12q-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "32A2AD4E-27B8-4022-90D5-34DA597B55E1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_c9500-16x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F69531D5-09B2-407D-8361-2FD7C93FF841", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_c9500-16x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB3D5CED-76D9-4A9C-8FD2-34DDED24E714", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_c9500-24q-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC50F73C-5026-44E0-AE29-E8AD3A112FC6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_c9500-24q-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "24FF0D66-D25B-4240-883D-8B02B17DB1A8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_c9500-40x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "45233420-4380-4D64-B46D-D400A7224CA5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_c9500-40x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7925AF68-4E36-4281-A710-070DD4BEDA8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:cbr-8_converged_broadband_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6CCBE67-E509-43EC-9AFB-8A9B6A115126", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state."}, {"lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo de aprovisionamiento Cisco TrustSec (CTS) Protected Access Credential (PAC) del software Cisco IOS XE, podr\u00eda permitir a un atacante remoto no autenticado causar una recarga de un dispositivo afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a la comprobaci\u00f3n inapropiada de atributos en los mensajes RADIUS. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un mensaje RADIUS malicioso hacia un dispositivo afectado mientras el dispositivo se encuentra en un estado espec\u00edfico."}], "id": "CVE-2019-12663", "lastModified": "2019-10-09T23:46:01.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-25T21:15:11.267", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}