Sign-up

ID

VAR-201208-0697


CVE

CVE-2012-1342


TITLE

Cisco Carrier Routing System Vulnerabilities that prevent access control list entries

Trust: 0.8

sources: JVNDB: JVNDB-2011-005108

DESCRIPTION

Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. The Cisco Carrier Routing System is a carrier-grade routing system. An attacker can exploit this issue to bypass certain security restrictions. This issue is being tracked by Cisco BugID CSCtj10975

Trust: 2.52

sources: NVD: CVE-2012-1342 // JVNDB: JVNDB-2011-005108 // CNVD: CNVD-2012-4123 // BID: 54852 // VULHUB: VHN-54623

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-4123

AFFECTED PRODUCTS

vendor:ciscomodel:carrier routing systemscope:eqversion:4.1

Trust: 2.3

vendor:ciscomodel:carrier routing systemscope:eqversion:4.0

Trust: 2.3

vendor:ciscomodel:carrier routing systemscope:eqversion:3.9

Trust: 2.3

vendor:ciscomodel:carrier routing systemscope:eqversion:4.1.0

Trust: 1.0

vendor:ciscomodel:carrier routing systemscope:eqversion:4.0.0

Trust: 1.0

vendor:ciscomodel:carrier routing systemscope:eqversion:3.9.0

Trust: 1.0

vendor:ciscomodel:carrier routing systemscope:neversion:3.9.2

Trust: 0.3

sources: CNVD: CNVD-2012-4123 // BID: 54852 // JVNDB: JVNDB-2011-005108 // CNNVD: CNNVD-201208-028 // NVD: CVE-2012-1342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1342
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1342
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201208-028
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54623
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1342
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54623
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2012-1342
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-54623 // JVNDB: JVNDB-2011-005108 // CNNVD: CNNVD-201208-028 // NVD: CVE-2012-1342

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-54623 // JVNDB: JVNDB-2011-005108 // NVD: CVE-2012-1342

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-028

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201208-028

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-005108

PATCH
title:Cisco CRS-1 8-Slot Line Card Chassisurl:http://www.cisco.com/cisco/software/release.html?mdfid=279506669&catid=268437899&flowid=1915&reltype=all&relind=AVAILABLE&release=3.9.2&softwareid=280867577
Trust: 0.8
title:Cisco Carrier Routing System ACL bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/19562
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-4123 // 
            
            
            
            JVNDB: JVNDB-2011-005108

EXTERNAL IDS
db:NVDid:CVE-2012-1342
Trust: 3.4
db:JVNDBid:JVNDB-2011-005108
Trust: 0.8
db:CNNVDid:CNNVD-201208-028
Trust: 0.7
db:CNVDid:CNVD-2012-4123
Trust: 0.6
db:BIDid:54852
Trust: 0.4
db:VULHUBid:VHN-54623
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-4123 // 
            
            
            
            VULHUB: VHN-54623 // 
            
            
            
            BID: 54852 // 
            
            
            
            JVNDB: JVNDB-2011-005108 // 
            
            
            
            CNNVD: CNNVD-201208-028 // 
            
            
            
            NVD: CVE-2012-1342

REFERENCES
url:http://www.cisco.com/cisco/software/release.html?mdfid=279506669&catid=268437899&flowid=1915&reltype=all&relind=available&release=3.9.2&softwareid=280867577
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1342
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1342
Trust: 0.8
url:http://www.cisco.com/cisco/software/release.html?mdfid=279506669
Trust: 0.6
url:http://www.cisco.com/en/us/products/ps5763/index.html
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/cisco/software/release.html?mdfid=279506669&catid=268437899&flowid=1915&reltype=all&relind=available&release=3.9.2&softwareid=280867577
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-4123 // 
            
            
            
            VULHUB: VHN-54623 // 
            
            
            
            BID: 54852 // 
            
            
            
            JVNDB: JVNDB-2011-005108 // 
            
            
            
            CNNVD: CNNVD-201208-028 // 
            
            
            
            NVD: CVE-2012-1342

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 54852

SOURCES
db:CNVDid:CNVD-2012-4123
db:VULHUBid:VHN-54623
db:BIDid:54852
db:JVNDBid:JVNDB-2011-005108
db:CNNVDid:CNNVD-201208-028
db:NVDid:CVE-2012-1342

LAST UPDATE DATE
2024-11-23T22:27:31.495000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-4123date:2012-08-08T00:00:00
db:VULHUBid:VHN-54623date:2020-03-24T00:00:00
db:BIDid:54852date:2012-08-06T00:00:00
db:JVNDBid:JVNDB-2011-005108date:2012-08-08T00:00:00
db:CNNVDid:CNNVD-201208-028date:2019-09-30T00:00:00
db:NVDid:CVE-2012-1342date:2024-11-21T01:36:50.260

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-4123date:2012-08-08T00:00:00
db:VULHUBid:VHN-54623date:2012-08-06T00:00:00
db:BIDid:54852date:2012-08-06T00:00:00
db:JVNDBid:JVNDB-2011-005108date:2012-08-08T00:00:00
db:CNNVDid:CNNVD-201208-028date:2012-08-07T00:00:00
db:NVDid:CVE-2012-1342date:2012-08-06T17:55:00.867