Details of VAR-201208-0698

ID

VAR-201208-0698

CVE

CVE-2012-1344

TITLE

Cisco IOS Service disruption in ( Device reload ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-003468

DESCRIPTION

Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328. Cisco IOS is a popular Internet operating system. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtr86328

Trust: 2.61

sources: NVD: CVE-2012-1344 // JVNDB: JVNDB-2012-003468 // CNVD: CNVD-2012-4127 // BID: 54835 // VULHUB: VHN-54625 // VULMON: CVE-2012-1344

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-4127

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 3.3
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 3.0

sources: CNVD: CNVD-2012-4127 // BID: 54835 // JVNDB: JVNDB-2012-003468 // CNNVD: CNNVD-201208-036 // NVD: CVE-2012-1344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1344
value:	LOW
Trust: 1.0
NVD:	CVE-2012-1344
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201208-036
value:	LOW
Trust: 0.6
VULHUB:	VHN-54625
value:	LOW
Trust: 0.1
VULMON:	CVE-2012-1344
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2012-1344
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-54625
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-54625 // VULMON: CVE-2012-1344 // JVNDB: JVNDB-2012-003468 // CNNVD: CNNVD-201208-036 // NVD: CVE-2012-1344

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-54625 // JVNDB: JVNDB-2012-003468 // NVD: CVE-2012-1344

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-036

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201208-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003468

PATCH

title:	Release 15.1(2)T Caveats	url:	http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html	Trust: 0.8
title:	Patch for Cisco IOS clientless SSL VPN Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/19564	Trust: 0.6

sources: CNVD: CNVD-2012-4127 // JVNDB: JVNDB-2012-003468

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1344	Trust: 3.5
db:	SECTRACK	id:	1027371	Trust: 1.2
db:	JVNDB	id:	JVNDB-2012-003468	Trust: 0.8
db:	CNNVD	id:	CNNVD-201208-036	Trust: 0.7
db:	CNVD	id:	CNVD-2012-4127	Trust: 0.6
db:	NSFOCUS	id:	20292	Trust: 0.6
db:	NSFOCUS	id:	20250	Trust: 0.6
db:	BID	id:	54835	Trust: 0.5
db:	VULHUB	id:	VHN-54625	Trust: 0.1
db:	VULMON	id:	CVE-2012-1344	Trust: 0.1

sources: CNVD: CNVD-2012-4127 // VULHUB: VHN-54625 // VULMON: CVE-2012-1344 // BID: 54835 // JVNDB: JVNDB-2012-003468 // CNNVD: CNNVD-201208-036 // NVD: CVE-2012-1344

REFERENCES

url:	http://www.cisco.com/en/us/docs/ios/15_1/release/notes/151-2tcavs.html	Trust: 2.4
url:	http://www.securitytracker.com/id?1027371	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1344	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1344	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20292	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/20250	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/54835	Trust: 0.1

sources: CNVD: CNVD-2012-4127 // VULHUB: VHN-54625 // VULMON: CVE-2012-1344 // BID: 54835 // JVNDB: JVNDB-2012-003468 // CNNVD: CNNVD-201208-036 // NVD: CVE-2012-1344

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 54835

SOURCES

db:	CNVD	id:	CNVD-2012-4127
db:	VULHUB	id:	VHN-54625
db:	VULMON	id:	CVE-2012-1344
db:	BID	id:	54835
db:	JVNDB	id:	JVNDB-2012-003468
db:	CNNVD	id:	CNNVD-201208-036
db:	NVD	id:	CVE-2012-1344

LAST UPDATE DATE

2025-04-11T22:56:09.086000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4127	date:	2012-08-09T00:00:00
db:	VULHUB	id:	VHN-54625	date:	2013-04-02T00:00:00
db:	VULMON	id:	CVE-2012-1344	date:	2013-04-02T00:00:00
db:	BID	id:	54835	date:	2012-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2012-003468	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-036	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-1344	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4127	date:	2012-08-09T00:00:00
db:	VULHUB	id:	VHN-54625	date:	2012-08-06T00:00:00
db:	VULMON	id:	CVE-2012-1344	date:	2012-08-06T00:00:00
db:	BID	id:	54835	date:	2012-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2012-003468	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-036	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-1344	date:	2012-08-06T18:55:00.837