Details of VAR-201404-0019

ID

VAR-201404-0019

CVE

CVE-2012-4658

TITLE

Cisco IOS of ios-authproxy Denial of service in implementation (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-006197

DESCRIPTION

The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447. IOS is prone to a denial-of-service vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. The vulnerability is caused by the program not correctly terminating the HTTP session

Trust: 2.07

sources: NVD: CVE-2012-4658 // JVNDB: JVNDB-2012-006197 // BID: 78145 // VULHUB: VHN-57939 // VULMON: CVE-2012-4658

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(1\)sy	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(1\)sy1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	lte	version:	15.1\(1\)sy2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	lt	version:	15.1(1)sy3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(1\)sy2	Trust: 0.6
vendor:	cisco	model:	iosmigrate 15.1 sy2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	iosmigrate 15.1 sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 sy1	scope:	-	version:	-	Trust: 0.3

sources: BID: 78145 // JVNDB: JVNDB-2012-006197 // CNNVD: CNNVD-201404-454 // NVD: CVE-2012-4658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4658
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4658
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-454
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57939
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2012-4658
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4658
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-57939
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57939 // VULMON: CVE-2012-4658 // JVNDB: JVNDB-2012-006197 // CNNVD: CNNVD-201404-454 // NVD: CVE-2012-4658

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-57939 // JVNDB: JVNDB-2012-006197 // NVD: CVE-2012-4658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-454

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201404-454

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006197

PATCH

title:

Release Notes for Cisco IOS Release 15.1SY

url:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2012-006197

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4658	Trust: 2.9
db:	JVNDB	id:	JVNDB-2012-006197	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-454	Trust: 0.7
db:	BID	id:	78145	Trust: 0.5
db:	VULHUB	id:	VHN-57939	Trust: 0.1
db:	VULMON	id:	CVE-2012-4658	Trust: 0.1

sources: VULHUB: VHN-57939 // VULMON: CVE-2012-4658 // BID: 78145 // JVNDB: JVNDB-2012-006197 // CNNVD: CNNVD-201404-454 // NVD: CVE-2012-4658

REFERENCES

url:	http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1sy/release_notes.pdf	Trust: 2.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4658	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4658	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/78145	Trust: 0.1

sources: VULHUB: VHN-57939 // VULMON: CVE-2012-4658 // BID: 78145 // JVNDB: JVNDB-2012-006197 // CNNVD: CNNVD-201404-454 // NVD: CVE-2012-4658

CREDITS

Unknown

Trust: 0.3

sources: BID: 78145

SOURCES

db:	VULHUB	id:	VHN-57939
db:	VULMON	id:	CVE-2012-4658
db:	BID	id:	78145
db:	JVNDB	id:	JVNDB-2012-006197
db:	CNNVD	id:	CNNVD-201404-454
db:	NVD	id:	CVE-2012-4658

LAST UPDATE DATE

2025-04-13T23:14:52.449000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57939	date:	2014-04-23T00:00:00
db:	VULMON	id:	CVE-2012-4658	date:	2014-04-23T00:00:00
db:	BID	id:	78145	date:	2014-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2012-006197	date:	2014-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201404-454	date:	2014-04-25T00:00:00
db:	NVD	id:	CVE-2012-4658	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57939	date:	2014-04-23T00:00:00
db:	VULMON	id:	CVE-2012-4658	date:	2014-04-23T00:00:00
db:	BID	id:	78145	date:	2014-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2012-006197	date:	2014-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201404-454	date:	2014-04-25T00:00:00
db:	NVD	id:	CVE-2012-4658	date:	2014-04-23T11:52:59.150