Sign-up

ID

VAR-201208-0139


CVE

CVE-2012-2474


TITLE

Cisco ASA 5500 Service disruption in series devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-003463

DESCRIPTION

Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278. Successful exploits may allow an attacker to cause excessive memory consumption, resulting in a denial-of-service condition. This issue being tracked by Cisco bug ID CSCth34278

Trust: 1.98

sources: NVD: CVE-2012-2474 // JVNDB: JVNDB-2012-003463 // BID: 54840 // VULHUB: VHN-55755

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.1

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3\(2\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(5\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(4.4\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3\(1\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(4\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(1\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(3.9\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(2\)

Trust: 1.0

vendor:ciscomodel:5500 series adaptive security appliancescope:eqversion:*

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(4.1\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(3\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance 5500 seriesscope: - version: -

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2 to 8.4

Trust: 0.8

vendor:ciscomodel:5500 series adaptive security appliancescope: - version: -

Trust: 0.6

vendor:ciscomodel:asa series adaptive security appliancescope:eqversion:55008.4

Trust: 0.3

vendor:ciscomodel:asa series adaptive security appliancescope:eqversion:55008.3

Trust: 0.3

vendor:ciscomodel:asa series adaptive security appliancescope:eqversion:55008.2

Trust: 0.3

sources: BID: 54840 // JVNDB: JVNDB-2012-003463 // CNNVD: CNNVD-201208-031 // NVD: CVE-2012-2474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2474
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-2474
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201208-031
value: MEDIUM

Trust: 0.6

VULHUB: VHN-55755
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-2474
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-55755
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55755 // JVNDB: JVNDB-2012-003463 // CNNVD: CNNVD-201208-031 // NVD: CVE-2012-2474

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-55755 // JVNDB: JVNDB-2012-003463 // NVD: CVE-2012-2474

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-031

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201208-031

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003463

PATCH
title:Cisco ASA Interim Release Notesurl:http://www.cisco.com/web/software/280775065/45357/ASA-825-Interim-Release-Notes.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003463

EXTERNAL IDS
db:NVDid:CVE-2012-2474
Trust: 2.8
db:JVNDBid:JVNDB-2012-003463
Trust: 0.8
db:CNNVDid:CNNVD-201208-031
Trust: 0.7
db:NSFOCUSid:20253
Trust: 0.6
db:BIDid:54840
Trust: 0.4
db:VULHUBid:VHN-55755
Trust: 0.1
sources:
            
            
            VULHUB: VHN-55755 // 
            
            
            
            BID: 54840 // 
            
            
            
            JVNDB: JVNDB-2012-003463 // 
            
            
            
            CNNVD: CNNVD-201208-031 // 
            
            
            
            NVD: CVE-2012-2474

REFERENCES
url:http://www.cisco.com/web/software/280775065/45357/asa-825-interim-release-notes.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2474
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2474
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20253
Trust: 0.6
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-55755 // 
            
            
            
            BID: 54840 // 
            
            
            
            JVNDB: JVNDB-2012-003463 // 
            
            
            
            CNNVD: CNNVD-201208-031 // 
            
            
            
            NVD: CVE-2012-2474

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 54840

SOURCES
db:VULHUBid:VHN-55755
db:BIDid:54840
db:JVNDBid:JVNDB-2012-003463
db:CNNVDid:CNNVD-201208-031
db:NVDid:CVE-2012-2474

LAST UPDATE DATE
2024-11-23T22:23:23.129000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-55755date:2012-08-07T00:00:00
db:BIDid:54840date:2012-08-06T00:00:00
db:JVNDBid:JVNDB-2012-003463date:2012-08-08T00:00:00
db:CNNVDid:CNNVD-201208-031date:2012-08-07T00:00:00
db:NVDid:CVE-2012-2474date:2024-11-21T01:39:08.510

SOURCES RELEASE DATE
db:VULHUBid:VHN-55755date:2012-08-06T00:00:00
db:BIDid:54840date:2012-08-06T00:00:00
db:JVNDBid:JVNDB-2012-003463date:2012-08-08T00:00:00
db:CNNVDid:CNNVD-201208-031date:2012-08-07T00:00:00
db:NVDid:CVE-2012-2474date:2012-08-06T17:55:01.010