CVE-2019-12665 MEDIUM

CVE-2019-12665: Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability

Vendor Cisco
Product Cisco IOS 12.2(15)B
Weakness CWE-399
Published September 25, 2019
Last update November 21, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.
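The reuse flaw described above, as an added Python model (not Cisco's code and not part of the original record). It assumes a connection cache that matches on hostname only; the class and function names and the sample URLs are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: a plaintext request followed by an HTTPS request to the same host.
SAMPLE_URLS = [
    "http://updates.example.test/index",
    "https://updates.example.test/license",
]

@dataclass(frozen=True)
class Conn:
    host: str
    port: int
    encrypted: bool

class ConnectionCache:
    """Persistent-connection cache; key_includes_port=False models the flaw."""
    def __init__(self, key_includes_port):
        self.key_includes_port = key_includes_port
        self._pool = {}

    def get(self, url):
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        # Assumed flawed key: hostname only, so port 80 and port 443 collide.
        key = (parts.hostname, port) if self.key_includes_port else (parts.hostname,)
        if key not in self._pool:
            self._pool[key] = Conn(parts.hostname, port, parts.scheme == "https")
        return self._pool[key]

def audit(cache, urls):
    """Return (url, conn_port, conn_encrypted) for requests sent on a mismatched connection."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        want_port = parts.port or DEFAULT_PORTS[parts.scheme]
        conn = cache.get(url)
        if conn.port != want_port or conn.encrypted != (parts.scheme == "https"):
            findings.append((url, conn.port, conn.encrypted))
    return findings

if __name__ == "__main__":
    print("host-only key:", audit(ConnectionCache(False), SAMPLE_URLS))
    print("host+port key:", audit(ConnectionCache(True), SAMPLE_URLS))
```

With the host-only key the HTTPS request is handed the existing port 80 connection and leaves the device unencrypted; including the port in the key gives it its own connection.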

Key dates

02 Disclosure timeline

September 25, 2019 CVE published
November 21, 2024 Record updated