Details of VAR-201208-0703

ID

VAR-201208-0703

CVE

CVE-2012-1361

TITLE

Cisco IOS Vulnerability in obtaining important crosstalk information

Trust: 0.8

sources: JVNDB: JVNDB-2012-003473

DESCRIPTION

Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. The problem is Bug ID CSCtx77750 It is a problem.By a third party PSTN By eavesdropping on calls, you may get important crosstalk information. Cisco IOS is a popular Internet operating system. In Cisco IOS 15.1 and 15.2, PSTN callers can hear crosstalk messages while the phone is on standby, causing sensitive information to leak. An attacker can exploit this issue to gain access to sensitive information. Information obtained may aid in further attacks. This vulnerability is tracked by Cisco Bug ID CSCtx77750

Trust: 2.52

sources: NVD: CVE-2012-1361 // JVNDB: JVNDB-2012-003473 // CNVD: CNVD-2012-4129 // BID: 54828 // VULHUB: VHN-54642

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-4129

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 2.7
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 2.4
vendor:	cisco	model:	ios 15.1 s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	eq	version:	15.2x	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1x	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0x	Trust: 0.6
vendor:	cisco	model:	ios 15.1 t2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 s2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 t4	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.2t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gc2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1snh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1sng	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 xb5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m3a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m1.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t2a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 gc2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 ey2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios sg	scope:	eq	version:	15.1	Trust: 0.3
vendor:	cisco	model:	ios m	scope:	eq	version:	15.0	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2012-4129 // BID: 54828 // JVNDB: JVNDB-2012-003473 // CNNVD: CNNVD-201208-041 // NVD: CVE-2012-1361

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1361
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1361
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201208-041
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-54642
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-1361
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-54642
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-54642 // JVNDB: JVNDB-2012-003473 // CNNVD: CNNVD-201208-041 // NVD: CVE-2012-1361

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-54642 // JVNDB: JVNDB-2012-003473 // NVD: CVE-2012-1361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-041

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201208-041

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003473

PATCH

title:	Release 15.1(3)T Caveats	url:	http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-3TCAVS.html	Trust: 0.8
title:	Patch for Cisco IOS Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/19568	Trust: 0.6

sources: CNVD: CNVD-2012-4129 // JVNDB: JVNDB-2012-003473

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1361	Trust: 3.4
db:	JVNDB	id:	JVNDB-2012-003473	Trust: 0.8
db:	CNNVD	id:	CNNVD-201208-041	Trust: 0.7
db:	CNVD	id:	CNVD-2012-4129	Trust: 0.6
db:	NSFOCUS	id:	20240	Trust: 0.6
db:	BID	id:	54828	Trust: 0.4
db:	VULHUB	id:	VHN-54642	Trust: 0.1

sources: CNVD: CNVD-2012-4129 // VULHUB: VHN-54642 // BID: 54828 // JVNDB: JVNDB-2012-003473 // CNNVD: CNNVD-201208-041 // NVD: CVE-2012-1361

REFERENCES

url:	http://www.cisco.com/en/us/docs/ios/15_1/release/notes/151-3tcavs.html	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1361	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1361	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20240	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2012-4129 // VULHUB: VHN-54642 // BID: 54828 // JVNDB: JVNDB-2012-003473 // CNNVD: CNNVD-201208-041 // NVD: CVE-2012-1361

CREDITS

Cisco

Trust: 0.3

sources: BID: 54828

SOURCES

db:	CNVD	id:	CNVD-2012-4129
db:	VULHUB	id:	VHN-54642
db:	BID	id:	54828
db:	JVNDB	id:	JVNDB-2012-003473
db:	CNNVD	id:	CNNVD-201208-041
db:	NVD	id:	CVE-2012-1361

LAST UPDATE DATE

2025-04-11T23:14:49.211000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4129	date:	2012-08-09T00:00:00
db:	VULHUB	id:	VHN-54642	date:	2012-08-07T00:00:00
db:	BID	id:	54828	date:	2015-03-19T09:42:00
db:	JVNDB	id:	JVNDB-2012-003473	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-041	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-1361	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4129	date:	2012-08-09T00:00:00
db:	VULHUB	id:	VHN-54642	date:	2012-08-06T00:00:00
db:	BID	id:	54828	date:	2012-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2012-003473	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-041	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-1361	date:	2012-08-06T18:55:01.070