Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability
CVE-2019-12665

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco iOS 12.2(15)b
Vendor: CVE Published:; 25 September 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.

Affected Version(s)

Cisco IOS 12.2(15)B < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Nov 21, 2024
Vulnerability published
Sep 25, 2019
Vulnerability Reserved
Jun 4, 2019