CVE-2019-12665

HIGH

Cisco IOS and IOS XE - Unauthenticated Data Exposure and Modification via HTTP Client Connection Reuse

Title source: llm
STIX 2.1

Description

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.

References (1)

Core 1
Core References

Scores

CVSS v3 7.4
EPSS 0.0109
EPSS Percentile 61.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-399
Status published
Products (2)
cisco/ios 15.6\(2\)t
cisco/ios fd-1.5.0
Published Sep 25, 2019
Tracked Since Feb 18, 2026