Sign-up

ID

VAR-201208-0706


CVE

CVE-2012-1367


TITLE

Cisco IOS of MallocLite Service disruption in implementations ( Route processor crash ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-003442

DESCRIPTION

The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538. Cisco IOS is a popular Internet operating system. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtq06538

Trust: 2.52

sources: NVD: CVE-2012-1367 // JVNDB: JVNDB-2012-003442 // CNVD: CNVD-2012-4144 // BID: 54830 // VULHUB: VHN-54648

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-4144

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.1

Trust: 3.3

vendor:ciscomodel:iosscope:eqversion:15.2

Trust: 3.0

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 2.7

vendor:ciscomodel:iosscope:eqversion:12.0

Trust: 2.4

vendor:ciscomodel:iosscope:eqversion:15.0

Trust: 2.4

vendor:ciscomodel:ios sscope:eqversion:12.0

Trust: 0.9

vendor:ciscomodel:ios mscope:eqversion:15.0

Trust: 0.9

sources: CNVD: CNVD-2012-4144 // BID: 54830 // JVNDB: JVNDB-2012-003442 // CNNVD: CNNVD-201208-003 // NVD: CVE-2012-1367

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1367
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1367
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201208-003
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54648
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1367
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54648
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54648 // JVNDB: JVNDB-2012-003442 // CNNVD: CNNVD-201208-003 // NVD: CVE-2012-1367

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-54648 // JVNDB: JVNDB-2012-003442 // NVD: CVE-2012-1367

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-003

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201208-003

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003442

PATCH
title:Caveats for 12.2(33)SRE through 12.2(33)SRE6url:http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.html
Trust: 0.8
title:Patch for Cisco IOS SSH2 Session Remote Denial of Service Vulnerability (CNVD-2012-4144)url:https://www.cnvd.org.cn/patchInfo/show/19613
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-4144 // 
            
            
            
            JVNDB: JVNDB-2012-003442

EXTERNAL IDS
db:NVDid:CVE-2012-1367
Trust: 3.4
db:JVNDBid:JVNDB-2012-003442
Trust: 0.8
db:CNNVDid:CNNVD-201208-003
Trust: 0.7
db:CNVDid:CNVD-2012-4144
Trust: 0.6
db:NSFOCUSid:20249
Trust: 0.6
db:BIDid:54830
Trust: 0.4
db:VULHUBid:VHN-54648
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-4144 // 
            
            
            
            VULHUB: VHN-54648 // 
            
            
            
            BID: 54830 // 
            
            
            
            JVNDB: JVNDB-2012-003442 // 
            
            
            
            CNNVD: CNNVD-201208-003 // 
            
            
            
            NVD: CVE-2012-1367

REFERENCES
url:http://www.cisco.com/en/us/docs/ios/12_2sr/release/notes/122srcavs1.html
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1367
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1367
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20249
Trust: 0.6
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-4144 // 
            
            
            
            VULHUB: VHN-54648 // 
            
            
            
            BID: 54830 // 
            
            
            
            JVNDB: JVNDB-2012-003442 // 
            
            
            
            CNNVD: CNNVD-201208-003 // 
            
            
            
            NVD: CVE-2012-1367

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 54830

SOURCES
db:CNVDid:CNVD-2012-4144
db:VULHUBid:VHN-54648
db:BIDid:54830
db:JVNDBid:JVNDB-2012-003442
db:CNNVDid:CNNVD-201208-003
db:NVDid:CVE-2012-1367

LAST UPDATE DATE
2025-04-11T23:05:44.957000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-4144date:2012-08-09T00:00:00
db:VULHUBid:VHN-54648date:2012-08-06T00:00:00
db:BIDid:54830date:2012-08-06T00:00:00
db:JVNDBid:JVNDB-2012-003442date:2012-08-07T00:00:00
db:CNNVDid:CNNVD-201208-003date:2012-08-08T00:00:00
db:NVDid:CVE-2012-1367date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-4144date:2012-08-09T00:00:00
db:VULHUBid:VHN-54648date:2012-08-06T00:00:00
db:BIDid:54830date:2012-08-06T00:00:00
db:JVNDBid:JVNDB-2012-003442date:2012-08-07T00:00:00
db:CNNVDid:CNNVD-201208-003date:2012-08-08T00:00:00
db:NVDid:CVE-2012-1367date:2012-08-06T15:55:01.243