A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2019-09-25T20:15:34.426881Z
Updated: 2024-09-16T23:05:59.680Z
Reserved: 2019-06-04T00:00:00
Link: CVE-2019-12665
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-09-25T21:15:11.390
Modified: 2021-11-02T20:04:30.587
Link: CVE-2019-12665
Redhat
No data.