Sign-up

ID

VAR-201205-0287


CVE

CVE-2012-0362


TITLE

Cisco IOS Expansion ACL Vulnerabilities that prevent access restrictions on functions

Trust: 0.8

sources: JVNDB: JVNDB-2012-002207

DESCRIPTION

The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. The problem is Bug ID CSCts01106 It is a problem.A third party may be able to circumvent access restrictions by sending network traffic using this situation. IOS is prone to a security bypass vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. There is a vulnerability in the extended ACL function of Cisco IOS 12.2(58)SE2 release and 15.0(1)SE release

Trust: 1.98

sources: NVD: CVE-2012-0362 // JVNDB: JVNDB-2012-002207 // BID: 78284 // VULHUB: VHN-53643

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.2\(58\)ses

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.0\(1\)se

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2(58)se2

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.0(1)se

Trust: 0.8

vendor:ciscomodel:ios 15.0 sescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2 sesscope: - version: -

Trust: 0.3

sources: BID: 78284 // JVNDB: JVNDB-2012-002207 // CNNVD: CNNVD-201205-053 // NVD: CVE-2012-0362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0362
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-0362
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201205-053
value: MEDIUM

Trust: 0.6

VULHUB: VHN-53643
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-0362
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-53643
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-53643 // JVNDB: JVNDB-2012-002207 // CNNVD: CNNVD-201205-053 // NVD: CVE-2012-0362

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-53643 // JVNDB: JVNDB-2012-002207 // NVD: CVE-2012-0362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-053

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201205-053

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-002207

PATCH
title:Cisco IOS Software Releases 12.2 SEurl:http://www.cisco.com/en/US/products/ps10144/prod_release_notes_list.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-002207

EXTERNAL IDS
db:NVDid:CVE-2012-0362
Trust: 2.8
db:SECTRACKid:1027005
Trust: 1.4
db:JVNDBid:JVNDB-2012-002207
Trust: 0.8
db:CNNVDid:CNNVD-201205-053
Trust: 0.7
db:MLISTid:[CISCO-NSP] 20120202 AMBIGUOUS ACL
Trust: 0.6
db:BIDid:78284
Trust: 0.4
db:VULHUBid:VHN-53643
Trust: 0.1
sources:
            
            
            VULHUB: VHN-53643 // 
            
            
            
            BID: 78284 // 
            
            
            
            JVNDB: JVNDB-2012-002207 // 
            
            
            
            CNNVD: CNNVD-201205-053 // 
            
            
            
            NVD: CVE-2012-0362

REFERENCES
url:http://puck.nether.net/pipermail/cisco-nsp/2012-february/083517.html
Trust: 2.0
url:http://www.securitytracker.com/id?1027005
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0362
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0362
Trust: 0.8
sources:
            
            
            VULHUB: VHN-53643 // 
            
            
            
            BID: 78284 // 
            
            
            
            JVNDB: JVNDB-2012-002207 // 
            
            
            
            CNNVD: CNNVD-201205-053 // 
            
            
            
            NVD: CVE-2012-0362

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78284

SOURCES
db:VULHUBid:VHN-53643
db:BIDid:78284
db:JVNDBid:JVNDB-2012-002207
db:CNNVDid:CNNVD-201205-053
db:NVDid:CVE-2012-0362

LAST UPDATE DATE
2025-04-11T22:49:39.641000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-53643date:2012-10-30T00:00:00
db:BIDid:78284date:2012-05-02T00:00:00
db:JVNDBid:JVNDB-2012-002207date:2012-05-08T00:00:00
db:CNNVDid:CNNVD-201205-053date:2012-05-03T00:00:00
db:NVDid:CVE-2012-0362date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-53643date:2012-05-02T00:00:00
db:BIDid:78284date:2012-05-02T00:00:00
db:JVNDBid:JVNDB-2012-002207date:2012-05-08T00:00:00
db:CNNVDid:CNNVD-201205-053date:2012-05-03T00:00:00
db:NVDid:CVE-2012-0362date:2012-05-02T10:09:22.253