Details of VAR-201404-0034

ID

VAR-201404-0034

CVE

CVE-2012-5039

TITLE

Cisco IOS of BGP Service disruption in the router process (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-006203

DESCRIPTION

The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches

Trust: 2.25

sources: NVD: CVE-2012-5039 // JVNDB: JVNDB-2012-006203 // CNVD: CNVD-2014-02673 // VULHUB: VHN-58320

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-02673

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	lte	version:	12.2\(50\)sy	Trust: 1.0
vendor:	cisco	model:	ios	scope:	lt	version:	12.2(50)sy1	Trust: 0.8
vendor:	cisco	model:	ios 12.2 sy1	scope:	lt	version:	-	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(50\)sy	Trust: 0.6

sources: CNVD: CNVD-2014-02673 // JVNDB: JVNDB-2012-006203 // CNNVD: CNNVD-201404-458 // NVD: CVE-2012-5039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5039
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-5039
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02673
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-458
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-58320
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5039
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02673
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-58320
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-02673 // VULHUB: VHN-58320 // JVNDB: JVNDB-2012-006203 // CNNVD: CNNVD-201404-458 // NVD: CVE-2012-5039

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-58320 // JVNDB: JVNDB-2012-006203 // NVD: CVE-2012-5039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-458

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201404-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006203

PATCH

title:	Release Notes for Cisco IOS Release 12.2(50)SY and Rebuilds for Supervisor Engine 2T-10GE	url:	http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/release/notes/ol_20679.html	Trust: 0.8
title:	Patch for Cisco IOS BGP Router Process Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/45184	Trust: 0.6

sources: CNVD: CNVD-2014-02673 // JVNDB: JVNDB-2012-006203

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5039	Trust: 3.1
db:	JVNDB	id:	JVNDB-2012-006203	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-458	Trust: 0.7
db:	CNVD	id:	CNVD-2014-02673	Trust: 0.6
db:	VULHUB	id:	VHN-58320	Trust: 0.1

sources: CNVD: CNVD-2014-02673 // VULHUB: VHN-58320 // JVNDB: JVNDB-2012-006203 // CNNVD: CNNVD-201404-458 // NVD: CVE-2012-5039

REFERENCES

url:	http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2sy/release/notes/ol_20679.html	Trust: 1.7
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5039	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5039	Trust: 0.8
url:	http://www.cisco.com/go/psirt	Trust: 0.6

sources: CNVD: CNVD-2014-02673 // VULHUB: VHN-58320 // JVNDB: JVNDB-2012-006203 // CNNVD: CNNVD-201404-458 // NVD: CVE-2012-5039

SOURCES

db:	CNVD	id:	CNVD-2014-02673
db:	VULHUB	id:	VHN-58320
db:	JVNDB	id:	JVNDB-2012-006203
db:	CNNVD	id:	CNNVD-201404-458
db:	NVD	id:	CVE-2012-5039

LAST UPDATE DATE

2025-04-13T23:05:10.907000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02673	date:	2014-04-28T00:00:00
db:	VULHUB	id:	VHN-58320	date:	2014-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2012-006203	date:	2014-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201404-458	date:	2014-04-25T00:00:00
db:	NVD	id:	CVE-2012-5039	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-02673	date:	2014-04-28T00:00:00
db:	VULHUB	id:	VHN-58320	date:	2014-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2012-006203	date:	2014-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201404-458	date:	2014-04-25T00:00:00
db:	NVD	id:	CVE-2012-5039	date:	2014-04-23T11:52:59.180