CVE-2019-12646— Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability

EPSS 0.87% · P75 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-12646

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

资源管理错误

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco IOS XE 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco IOS XE是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS XE中的Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG)存在资源管理错误漏洞，该漏洞源于程序没有正确处理临时的SIP数据包。远程攻击者可借助UDP 5060端口发送特制的SIP数据包利用该漏洞造成设备重新加载，导致拒绝服务。以下产品及版本受到影响：Ci

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Cisco	Cisco IOS XE Software	unspecified ~ 3.2.11aSG	-

II. Public POCs for CVE-2019-12646

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-12646

请登录查看更多情报信息。

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-algvendor-advisoryx_refsource_CISCO
https://nvd.nist.gov/vuln/detail/CVE-2019-12646

Same Patch Batch · Cisco · 2019-09-25 · 29 CVEs total

CVE-2019-12671		Cisco IOS XE Software Consent Token Bypass Vulnerability
CVE-2019-12650		Cisco IOS XE Software Web UI Command Injection Vulnerabilities
CVE-2019-12649		Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
CVE-2019-12648		Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability
CVE-2019-12647		Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability
CVE-2019-12651		Cisco IOS XE Software Web UI Command Injection Vulnerabilities
CVE-2019-12653		Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability
CVE-2019-12665		Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability
CVE-2019-12663		Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service
CVE-2019-12661		Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability
CVE-2019-12659		Cisco IOS XE Software HTTP Server Denial of Service Vulnerability
CVE-2019-12657		Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability
CVE-2019-12655		Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Ser
CVE-2019-12709		Cisco IOS XR Software for Cisco ASR 9000 VMAN CLI Privilege Escalation Vulnerability
CVE-2019-12672		Cisco IOS XE Software Arbitrary Code Execution Vulnerability
CVE-2019-12669		Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability
CVE-2019-12667		Cisco IOS XE Software Stored Cross-Site Scripting Vulnerability
CVE-2019-12658		Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability
CVE-2019-12656		Cisco IOx Application Environment Denial of Service Vulnerability
CVE-2019-12654		Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco IOS XE Software

Same vendor: Cisco

Same weakness: CWE-399

V. Comments for CVE-2019-12646

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-12646— Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability

I. Basic Information for CVE-2019-12646

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-12646

III. Intelligence Information for CVE-2019-12646

Same Patch Batch · Cisco · 2019-09-25 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-12646

Leave a comment