CVE-2019-12664

{"id": "CVE-2019-12664", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-09-25T21:15:11.343", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-isdn-data-leak", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad Dialer interface para conexiones ISDN en el Software Cisco IOS XE para Cisco 4000 Series Integrated Services Routers (ISRs), podr\u00eda permitir a un atacante adyacente no autenticado pasar el tr\u00e1fico IPv4 por medio de un canal ISDN antes de una autenticaci\u00f3n PPP con \u00e9xito. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente del estado del Protocolo de Control IP PPP (IPCP). Un atacante podr\u00eda explotar esta vulnerabilidad al hacer una llamada ISDN hacia un dispositivo afectado y enviando tr\u00e1fico por medio del canal ISDN antes de una autenticaci\u00f3n PPP con \u00e9xito. Alternativamente, un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de tr\u00e1fico a trav\u00e9s de un dispositivo afectado que est\u00e1 configurado para salir por medio de una conexi\u00f3n RDSI para la que se han configurado tanto la Dialer interface como la Basic Rate Interface (BRI), pero la contrase\u00f1a de Challenge Handshake Authentication Protocol (CHAP) para PPP no coincide con el extremo remoto. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante pasar el tr\u00e1fico IPv4 por medio de una conexi\u00f3n ISDN no autenticada durante unos segundos, desde la configuraci\u00f3n inicial de la llamada ISDN hasta el fallo de la autenticaci\u00f3n PPP."}], "lastModified": "2023-05-22T18:57:24.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65020120-491D-46CD-8C73-974B6F4C11E6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9421DBEF-AE42-4234-B49F-FCC34B804D7F"}, {"criteria": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5419CB9F-241F-4431-914F-2659BE27BEA5"}, {"criteria": "cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7DE02DBE-EAD5-4F37-8AB7-DF46A605A0E2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}