Sign-up

ID

VAR-201404-0040


CVE

CVE-2012-3946


TITLE

Cisco IOS Interface ACL Vulnerabilities that can be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2012-006207

DESCRIPTION

Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682. Cisco IOS Has an interface ACL A vulnerability exists that circumvents the restriction. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue allows remote attackers to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCty73682

Trust: 2.52

sources: NVD: CVE-2012-3946 // JVNDB: JVNDB-2012-006207 // CNVD: CNVD-2014-03284 // BID: 68261 // VULHUB: VHN-57227

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03284

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:lteversion:15.3

Trust: 1.0

vendor:ciscomodel:iosscope:ltversion:15.3(2)s

Trust: 0.8

vendor:ciscomodel:ios 15.3 sscope:ltversion: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.3

Trust: 0.6

sources: CNVD: CNVD-2014-03284 // JVNDB: JVNDB-2012-006207 // CNNVD: CNNVD-201404-493 // NVD: CVE-2012-3946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3946
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3946
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-03284
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-493
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57227
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3946
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-03284
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-57227
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-03284 // VULHUB: VHN-57227 // JVNDB: JVNDB-2012-006207 // CNNVD: CNNVD-201404-493 // NVD: CVE-2012-3946

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-57227 // JVNDB: JVNDB-2012-006207 // NVD: CVE-2012-3946

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-493

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201404-493

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-006207

PATCH
title:Release 15.3(2)S Caveatsurl:http://www.cisco.com/c/en/us/td/docs/ios/15_3s/release/notes/15_3s_rel_notes/15_3s_caveats_15_3_2s.html
Trust: 0.8
title:Patch for Cisco IOS Permission Access Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/45915
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-03284 // 
            
            
            
            JVNDB: JVNDB-2012-006207

EXTERNAL IDS
db:NVDid:CVE-2012-3946
Trust: 3.4
db:BIDid:68261
Trust: 1.0
db:JVNDBid:JVNDB-2012-006207
Trust: 0.8
db:CNNVDid:CNNVD-201404-493
Trust: 0.7
db:CNVDid:CNVD-2014-03284
Trust: 0.6
db:VULHUBid:VHN-57227
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-03284 // 
            
            
            
            VULHUB: VHN-57227 // 
            
            
            
            BID: 68261 // 
            
            
            
            JVNDB: JVNDB-2012-006207 // 
            
            
            
            CNNVD: CNNVD-201404-493 // 
            
            
            
            NVD: CVE-2012-3946

REFERENCES
url:http://www.cisco.com/c/en/us/td/docs/ios/15_3s/release/notes/15_3s_rel_notes/15_3s_caveats_15_3_2s.html
Trust: 2.0
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3946
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3946
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-03284 // 
            
            
            
            VULHUB: VHN-57227 // 
            
            
            
            BID: 68261 // 
            
            
            
            JVNDB: JVNDB-2012-006207 // 
            
            
            
            CNNVD: CNNVD-201404-493 // 
            
            
            
            NVD: CVE-2012-3946

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 68261

SOURCES
db:CNVDid:CNVD-2014-03284
db:VULHUBid:VHN-57227
db:BIDid:68261
db:JVNDBid:JVNDB-2012-006207
db:CNNVDid:CNNVD-201404-493
db:NVDid:CVE-2012-3946

LAST UPDATE DATE
2025-04-12T23:29:41.520000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-03284date:2014-05-28T00:00:00
db:VULHUBid:VHN-57227date:2014-04-24T00:00:00
db:BIDid:68261date:2014-06-30T00:00:00
db:JVNDBid:JVNDB-2012-006207date:2014-04-28T00:00:00
db:CNNVDid:CNNVD-201404-493date:2014-04-28T00:00:00
db:NVDid:CVE-2012-3946date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-03284date:2014-05-28T00:00:00
db:VULHUBid:VHN-57227date:2014-04-24T00:00:00
db:BIDid:68261date:2014-06-30T00:00:00
db:JVNDBid:JVNDB-2012-006207date:2014-04-28T00:00:00
db:CNNVDid:CNNVD-201404-493date:2014-04-28T00:00:00
db:NVDid:CVE-2012-3946date:2014-04-24T10:55:02.290