Details of VAR-201209-0396

ID

VAR-201209-0396

CVE

CVE-2012-3923

TITLE

Cisco IOS of SSLVPN Service disruption in implementations ( Device crash ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-004411

DESCRIPTION

The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827. Cisco IOS is a popular Internet operating system. The vulnerability Cisco bug ID is CSCte41827. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause the affected device to crash and reload, denying service to legitimate users

Trust: 2.52

sources: NVD: CVE-2012-3923 // JVNDB: JVNDB-2012-004411 // CNVD: CNVD-2012-5236 // BID: 55604 // VULHUB: VHN-57204

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-5236

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 3.3
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 3.3
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 3.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 3.0
vendor:	cisco	model:	ios 15.1 s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.1 t3	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios 15.1 t4	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 t2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.0se	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 s2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios sg	scope:	eq	version:	15.1	Trust: 0.3
vendor:	cisco	model:	ios 15.1ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 xb5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m5a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0sa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios m	scope:	eq	version:	15.0	Trust: 0.3
vendor:	cisco	model:	ios 15.0 s5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t2a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 ey2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 xa1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m1.3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 se1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0mra	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 gc2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1snh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 gc2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 xa5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.2 t2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 sg2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1sng	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 s3a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 sy1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 s4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m3a	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2012-5236 // BID: 55604 // JVNDB: JVNDB-2012-004411 // CNNVD: CNNVD-201209-362 // NVD: CVE-2012-3923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3923
value:	LOW
Trust: 1.0
NVD:	CVE-2012-3923
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201209-362
value:	LOW
Trust: 0.6
VULHUB:	VHN-57204
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2012-3923
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57204
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57204 // JVNDB: JVNDB-2012-004411 // CNNVD: CNNVD-201209-362 // NVD: CVE-2012-3923

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3923

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-362

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201209-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004411

PATCH

title:	Release 15.2(1)T Caveats	url:	http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html	Trust: 0.8
title:	Patch for Cisco IOS SSL VPN Implementation Denial of Service Vulnerability (CNVD-2012-5236)	url:	https://www.cnvd.org.cn/patchInfo/show/22508	Trust: 0.6

sources: CNVD: CNVD-2012-5236 // JVNDB: JVNDB-2012-004411

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3923	Trust: 3.4
db:	JVNDB	id:	JVNDB-2012-004411	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-362	Trust: 0.7
db:	CNVD	id:	CNVD-2012-5236	Trust: 0.6
db:	NSFOCUS	id:	20814	Trust: 0.6
db:	BID	id:	55604	Trust: 0.3
db:	VULHUB	id:	VHN-57204	Trust: 0.1

sources: CNVD: CNVD-2012-5236 // VULHUB: VHN-57204 // BID: 55604 // JVNDB: JVNDB-2012-004411 // CNNVD: CNNVD-201209-362 // NVD: CVE-2012-3923

REFERENCES

url:	http://www.cisco.com/en/us/docs/ios/15_2m_and_t/release/notes/152-1tcavs.html	Trust: 2.3
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78670	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3923	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3923	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20814	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2012-5236 // VULHUB: VHN-57204 // BID: 55604 // JVNDB: JVNDB-2012-004411 // CNNVD: CNNVD-201209-362 // NVD: CVE-2012-3923

CREDITS

Cisco

Trust: 0.3

sources: BID: 55604

SOURCES

db:	CNVD	id:	CNVD-2012-5236
db:	VULHUB	id:	VHN-57204
db:	BID	id:	55604
db:	JVNDB	id:	JVNDB-2012-004411
db:	CNNVD	id:	CNNVD-201209-362
db:	NVD	id:	CVE-2012-3923

LAST UPDATE DATE

2025-04-11T22:56:08.370000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-5236	date:	2012-09-19T00:00:00
db:	VULHUB	id:	VHN-57204	date:	2017-08-29T00:00:00
db:	BID	id:	55604	date:	2015-03-19T09:08:00
db:	JVNDB	id:	JVNDB-2012-004411	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-362	date:	2012-09-19T00:00:00
db:	NVD	id:	CVE-2012-3923	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-5236	date:	2012-09-19T00:00:00
db:	VULHUB	id:	VHN-57204	date:	2012-09-16T00:00:00
db:	BID	id:	55604	date:	2012-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-004411	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-362	date:	2012-09-19T00:00:00
db:	NVD	id:	CVE-2012-3923	date:	2012-09-16T10:34:51.393