====================================================================
CERT-Renater
Information Note No. 2019/VULN297
_____________________________________________________________________

DATE : 01/10/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS, Cisco IOS XE.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass
_____________________________________________________________________

1) Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability
CVE-2019-12646
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg
+--------------------------------------------------------------------

2) Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability
CVE-2019-12647
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos

+--------------------------------------------------------------------

3) Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability
CVE-2019-12652
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos

+--------------------------------------------------------------------

4) Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability
CVE-2019-12648
SIR: High
CVSS Score v(3.0): 9.9
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth

+--------------------------------------------------------------------

5) Cisco IOS XE Software Web UI Command Injection Vulnerabilities
CVE-2019-12650, CVE-2019-12651
SIR: High
CVSS Score v(3.0): 7.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection

+--------------------------------------------------------------------

6) Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability
CVE-2019-12654
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos

+--------------------------------------------------------------------

7) Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability
CVE-2019-12653
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos

+--------------------------------------------------------------------

8) Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability
CVE-2019-12658
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos

+--------------------------------------------------------------------

9) Cisco IOx Application Environment Denial of Service Vulnerability
CVE-2019-12656
SIR: High
CVSS Score v(3.0): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox

+--------------------------------------------------------------------

10) Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability
CVE-2019-12655
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp

+--------------------------------------------------------------------

11) Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability
CVE-2019-12657
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd

+--------------------------------------------------------------------

12) Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
CVE-2019-12649
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass

=========================================================
+ CERT-RENATER     | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel | fax : 01-53-94-20-41          +
+ 75013 Paris      | email:cert@support.renater.fr +
=========================================================