Symptom
A device running IOS-XE may experience a crash when handling FTP traffic via NAT ALG or ZBFW FTP inspection.
Conditions
Please refer to the Security Advisory which is available at: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp
To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com at the following link: https://tools.cisco.com/security/center/softwarechecker.x
This issue affects a limited set of releases, as follows:
3.16.8S and later. Fixed in 3.16.10S.
16.3.7. Fixed in 16.3.8.
16.6.4 and 16.6.5. Fixed in 16.6.6.
16.9.1 and 16.9.2. Fixed in 16.9.3.
16.10.1 and later.
Fixed in 16.11.1 and later.
Workaround
Please refer to the Security Advisory.
Further Problem Description
Please refer to the Security Advisory.
PSIRT Evaluation
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 8.6:
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE ID CVE-2019-12655 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html