LiveActive security incident?Get immediate response
CVE Record

CVE-2019-12660: Cisco IOS XE Software ASIC Register Write Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.

MediumCVSS 5.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

An authenticated local CLI user could change low-level device memory on an affected Cisco IOS XE device, potentially making network equipment insecure or unstable. This is not described as remotely exploitable without access, but it matters where shared administration, weak account control, or compromised credentials exist.

Executive priority

Treat as a targeted network infrastructure risk, especially in environments with many administrators or weak credential controls. Prioritize inventory and vendor-guided remediation, but urgency is lower than unauthenticated remote-execution issues.

Technical view

CVE-2019-12660 is an improper input validation and authorization flaw in Cisco IOS XE CLI commands. With local authenticated access, an attacker could write values to underlying memory and alter device configuration. CVSS 3.0 is 5.5, with local attack vector, low privileges required, and high integrity impact.

Likely exposure

The source bundle names Cisco IOS XE Software 3.2.11aSG as affected. Exposure should be confirmed against Cisco’s advisory and device inventory. Do not assume other products or versions are affected from the provided evidence alone.

Exploitation context

The provided sources indicate exploitation requires authenticated local access to the device CLI. CISA KEV status is false, and the bundle provides no evidence of active exploitation. No exploit details should be inferred beyond the CVE description.

Researcher notes

Evidence is limited to the CVE metadata and Cisco advisory reference. The weakness is mapped to CWE-668, and the stated impact is integrity-focused. The source bundle does not provide patch details, exploit maturity, or broader affected-version ranges.

Mitigation direction

  • Review Cisco’s advisory for fixed releases or vendor-approved workarounds.
  • Inventory IOS XE devices and identify any running the named affected version.
  • Restrict CLI access to trusted administrative users only.
  • Review and tighten device account privileges and authentication controls.
  • Monitor configuration changes on affected network devices.

Validation and detection

  • Confirm device software versions against the Cisco advisory.
  • Review administrative account lists for unnecessary local CLI access.
  • Check change logs for unexpected configuration modifications.
  • Validate that network device access paths require strong authentication.
  • Document any affected assets and remediation status.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-668: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-12660 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.5 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.5CVSS 3.0MediumCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N1.83.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

5.5Medium
CVSS 3.0 vector shape for CVE-2019-12660Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
CiscoCisco IOS XE Software 3.2.11aSGunspecifiedListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-668 · source CWE mapping

Exposure of Resource to Wrong Sphere

Exposure of Resource to Wrong Sphere represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.