Details of VAR-201208-0702

ID

VAR-201208-0702

CVE

CVE-2012-1357

TITLE

Cisco Nexus Device Remote Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 8e77046a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4132

DESCRIPTION

The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The attacker can perform a denial of service attack through IGMP messages, which can cause device overload

Trust: 2.7

sources: NVD: CVE-2012-1357 // JVNDB: JVNDB-2012-003472 // CNVD: CNVD-2012-4132 // BID: 54825 // IVD: 8e77046a-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-54638

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 8e77046a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4132

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0	Trust: 2.7
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1	Trust: 2.4
vendor:	cisco	model:	nexus 5000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5000 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.x	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	2000	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(2)	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0 n1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2(1)	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0 n2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(0.54)	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0 u2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1(1)	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0 u1	scope:	-	version:	-	Trust: 0.3
vendor:	nx os	model:	-	scope:	eq	version:	5.0	Trust: 0.2
vendor:	nx os	model:	-	scope:	eq	version:	5.1	Trust: 0.2
vendor:	nexus 5000	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 8e77046a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4132 // BID: 54825 // JVNDB: JVNDB-2012-003472 // CNNVD: CNNVD-201208-040 // NVD: CVE-2012-1357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1357
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1357
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201208-040
value:	MEDIUM
Trust: 0.6
IVD:	8e77046a-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-54638
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-1357
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	8e77046a-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-54638
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 8e77046a-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-54638 // JVNDB: JVNDB-2012-003472 // CNNVD: CNNVD-201208-040 // NVD: CVE-2012-1357

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-54638 // JVNDB: JVNDB-2012-003472 // NVD: CVE-2012-1357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-040

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 8e77046a-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201208-040

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003472

PATCH

title:	Cisco Nexus 5000 Series and Cisco Nexus 2000 Series Release Notes	url:	http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_1_3_N1_1/Nexus5000_Release_Notes_5_1_3_N1.pdf	Trust: 0.8
title:	Patch for Cisco Nexus Device Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/19569	Trust: 0.6

sources: CNVD: CNVD-2012-4132 // JVNDB: JVNDB-2012-003472

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1357	Trust: 3.6
db:	CNNVD	id:	CNNVD-201208-040	Trust: 0.9
db:	CNVD	id:	CNVD-2012-4132	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-003472	Trust: 0.8
db:	NSFOCUS	id:	20243	Trust: 0.6
db:	BID	id:	54825	Trust: 0.4
db:	IVD	id:	8E77046A-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-54638	Trust: 0.1

sources: IVD: 8e77046a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4132 // VULHUB: VHN-54638 // BID: 54825 // JVNDB: JVNDB-2012-003472 // CNNVD: CNNVD-201208-040 // NVD: CVE-2012-1357

REFERENCES

url:	http://www.cisco.com/en/us/docs/switches/datacenter/nexus5000/sw/release/notes/rel_5_1_3_n1_1/nexus5000_release_notes_5_1_3_n1.pdf	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1357	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1357	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20243	Trust: 0.6
url:	http://www.cisco.com/en/us/products/ps9670/	Trust: 0.3

sources: CNVD: CNVD-2012-4132 // VULHUB: VHN-54638 // BID: 54825 // JVNDB: JVNDB-2012-003472 // CNNVD: CNNVD-201208-040 // NVD: CVE-2012-1357

CREDITS

Cisco

Trust: 0.3

sources: BID: 54825

SOURCES

db:	IVD	id:	8e77046a-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-4132
db:	VULHUB	id:	VHN-54638
db:	BID	id:	54825
db:	JVNDB	id:	JVNDB-2012-003472
db:	CNNVD	id:	CNNVD-201208-040
db:	NVD	id:	CVE-2012-1357

LAST UPDATE DATE

2024-11-23T23:10:02.108000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4132	date:	2012-08-08T00:00:00
db:	VULHUB	id:	VHN-54638	date:	2012-08-07T00:00:00
db:	BID	id:	54825	date:	2015-03-19T08:42:00
db:	JVNDB	id:	JVNDB-2012-003472	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-040	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-1357	date:	2024-11-21T01:36:50.800

SOURCES RELEASE DATE

db:	IVD	id:	8e77046a-2353-11e6-abef-000c29c66e3d	date:	2012-08-08T00:00:00
db:	CNVD	id:	CNVD-2012-4132	date:	2012-08-08T00:00:00
db:	VULHUB	id:	VHN-54638	date:	2012-08-06T00:00:00
db:	BID	id:	54825	date:	2012-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2012-003472	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-040	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-1357	date:	2012-08-06T18:55:01.023