CVE-2019-12654

Summary

CVE	CVE-2019-12654
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-09-25 21:15:00 UTC
Updated	2023-05-22 18:57:00 UTC
Description	A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	1000 Integrated Services Router	-	All	All	All
Hardware	Cisco	1100 Integrated Services Router	-	All	All	All
Hardware	Cisco	1100 Integrated Services Router	-	All	All	All
Hardware	Cisco	4000 Integrated Services Router	-	All	All	All
Hardware	Cisco	4221 Integrated Services Router	-	All	All	All
Hardware	Cisco	4221 Integrated Services Router	-	All	All	All
Hardware	Cisco	4321 Integrated Services Router	-	All	All	All
Hardware	Cisco	4321 Integrated Services Router	-	All	All	All
Hardware	Cisco	4331 Integrated Services Router	-	All	All	All
Hardware	Cisco	4331 Integrated Services Router	-	All	All	All
Hardware	Cisco	4351 Integrated Services Router	-	All	All	All
Hardware	Cisco	4351 Integrated Services Router	-	All	All	All
Hardware	Cisco	4431 Integrated Services Router	-	All	All	All
Hardware	Cisco	4431 Integrated Services Router	-	All	All	All
Hardware	Cisco	4451-x Integrated Services Router	-	All	All	All
Hardware	Cisco	4451-x Integrated Services Router	-	All	All	All
Hardware	Cisco	Asr 1000	-	All	All	All
Hardware	Cisco	Asr 1000	-	All	All	All
Hardware	Cisco	Asr 1001-hx	-	All	All	All
Hardware	Cisco	Asr 1001-hx	-	All	All	All
Hardware	Cisco	Asr 1001-x	-	All	All	All
Hardware	Cisco	Asr 1001-x	-	All	All	All
Hardware	Cisco	Asr 1002-hx	-	All	All	All
Hardware	Cisco	Asr 1002-hx	-	All	All	All
Hardware	Cisco	Asr 1002-x	-	All	All	All
Hardware	Cisco	Asr 1002-x	-	All	All	All
Hardware	Cisco	Cloud Services Router 1000v	-	All	All	All
Hardware	Cisco	Cloud Services Router 1000v	-	All	All	All
Hardware	Cisco	Integrated Services Virtual Router	-	All	All	All
Hardware	Cisco	Integrated Services Virtual Router	-	All	All	All
Operating System	Cisco	Ios Xe	15.6(1)s4.2	All	All	All
Operating System	Cisco	Ios Xe	15.6\(1\)s4.2	All	All	All
Operating System	Cisco	Ios Xe	16.3.8	All	All	All
Operating System	Cisco	Ios Xe	16.9.1	All	All	All
Operating System	Cisco	Ios Xe	15.6\(1\)s4.2	All	All	All
Operating System	Cisco	Ios Xe	16.3.8	All	All	All
Operating System	Cisco	Ios Xe	16.9.1	All	All	All
Hardware	Cisco	Isr 1000	-	All	All	All
Hardware	Cisco	Isr 1000	-	All	All	All
Hardware	Cisco	Isr 4000	-	All	All	All
Hardware	Cisco	Isr 4000	-	All	All	All

References

Reference	Source	Link	Tags
Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability	CISCO	tools.cisco.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.