Details of VAR-201208-0700

ID

VAR-201208-0700

CVE

CVE-2012-1348

TITLE

Cisco Wide Area Application Services Vulnerabilities that can capture important information on the appliance

Trust: 0.8

sources: JVNDB: JVNDB-2012-003470

DESCRIPTION

Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. The problem is Bug ID CSCty17279 It is a problem.A brute force attack on a hash string by a third party (Brute force attack) You may get important information through. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCty17279

Trust: 1.98

sources: NVD: CVE-2012-1348 // JVNDB: JVNDB-2012-003470 // BID: 54849 // VULHUB: VHN-54629

AFFECTED PRODUCTS

vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.1	Trust: 1.9
vendor:	cisco	model:	wide area application services	scope:	eq	version:	5.0	Trust: 1.9
vendor:	cisco	model:	wide area application services	scope:	eq	version:	4.4	Trust: 1.9
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	4.4	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	5.0	Trust: 0.8
vendor:	cisco	model:	wide area application services software	scope:	eq	version:	5.1	Trust: 0.8
vendor:	cisco	model:	wide area application services	scope:	ne	version:	5.0.1	Trust: 0.3

sources: BID: 54849 // JVNDB: JVNDB-2012-003470 // CNNVD: CNNVD-201208-038 // NVD: CVE-2012-1348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1348
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1348
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201208-038
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-54629
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-1348
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-54629
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-54629 // JVNDB: JVNDB-2012-003470 // CNNVD: CNNVD-201208-038 // NVD: CVE-2012-1348

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-54629 // JVNDB: JVNDB-2012-003470 // NVD: CVE-2012-1348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-038

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201208-038

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003470

PATCH

title:

Release Note for Cisco Wide Area Application Services Software Version 5.0.1x

url:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2012-003470

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1348	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-003470	Trust: 0.8
db:	CNNVD	id:	CNNVD-201208-038	Trust: 0.7
db:	NSFOCUS	id:	20256	Trust: 0.6
db:	BID	id:	54849	Trust: 0.4
db:	VULHUB	id:	VHN-54629	Trust: 0.1

sources: VULHUB: VHN-54629 // BID: 54849 // JVNDB: JVNDB-2012-003470 // CNNVD: CNNVD-201208-038 // NVD: CVE-2012-1348

REFERENCES

url:	http://www.cisco.com/en/us/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1348	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1348	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20256	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-54629 // BID: 54849 // JVNDB: JVNDB-2012-003470 // CNNVD: CNNVD-201208-038 // NVD: CVE-2012-1348

CREDITS

Reported by Vendor

Trust: 0.3

sources: BID: 54849

SOURCES

db:	VULHUB	id:	VHN-54629
db:	BID	id:	54849
db:	JVNDB	id:	JVNDB-2012-003470
db:	CNNVD	id:	CNNVD-201208-038
db:	NVD	id:	CVE-2012-1348

LAST UPDATE DATE

2025-04-11T23:15:32.927000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-54629	date:	2012-08-07T00:00:00
db:	BID	id:	54849	date:	2012-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2012-003470	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-038	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-1348	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-54629	date:	2012-08-06T00:00:00
db:	BID	id:	54849	date:	2012-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2012-003470	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-038	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-1348	date:	2012-08-06T18:55:00.930