ID
VAR-201209-0195
CVE
CVE-2012-4617
TITLE
plural Cisco IOS Product BGP Service disruption in implementations (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914. Cisco IOS is a popular Internet operating system. This Cisco bug ID is CSCtt35379, CSCty58300, CSCtz63248 and CSCtz62914. Successfully exploiting this issue will result in denial-of-service conditions
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios | scope: | eq | version: | 15.2 | Trust: 3.0 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1.2 | Trust: 1.9 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.2.1 | Trust: 1.9 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1.1 | Trust: 1.9 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5.0s | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.2.2 | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5.1s | Trust: 1.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.2.0 | Trust: 1.6 |
| vendor: | cisco | model: | ios xe | scope: | lt | version: | 3.5.xs | Trust: 0.8 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1.0 to 4.2.2 | Trust: 0.8 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.5.2s | Trust: 0.8 |
| vendor: | cisco | model: | ios xe 3.5.xs | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1.0-4.2.2 | Trust: 0.6 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xr | scope: | eq | version: | 4.1.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe 3.5.1s | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios xe 3.5.0s | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 15.2s | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20120926-bgp | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp | Trust: 0.8 |
| title: | cisco-sa-20120926-bgp | url: | http://www.cisco.com/cisco/web/support/JP/111/1116/1116609_cisco-sa-20120926-bgp-j.html | Trust: 0.8 |
| title: | Patch for Cisco IOS Format Incorrect Attribute Remote Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/23314 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2012-4617 | Trust: 3.4 |
| db: | BID | id: | 55694 | Trust: 1.4 |
| db: | SECTRACK | id: | 1027576 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2012-004639 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201209-610 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2012-5482 | Trust: 0.6 |
| db: | CISCO | id: | 20120926 CISCO IOS SOFTWARE MALFORMED BORDER GATEWAY PROTOCOL ATTRIBUTE VULNERABILITY | Trust: 0.6 |
| db: | NSFOCUS | id: | 20887 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-57898 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20120926-bgp | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/55694 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1027576 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4617 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4617 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/20887 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html | Trust: 0.3 |
CREDITS
The vendor reported this issue.
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2012-5482 |
| db: | VULHUB | id: | VHN-57898 |
| db: | BID | id: | 55694 |
| db: | JVNDB | id: | JVNDB-2012-004639 |
| db: | CNNVD | id: | CNNVD-201209-610 |
| db: | NVD | id: | CVE-2012-4617 |
LAST UPDATE DATE
2024-11-23T23:06:25.928000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2012-5482 | date: | 2012-09-28T00:00:00 |
| db: | VULHUB | id: | VHN-57898 | date: | 2013-02-14T00:00:00 |
| db: | BID | id: | 55694 | date: | 2012-09-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2012-004639 | date: | 2012-09-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201209-610 | date: | 2012-09-27T00:00:00 |
| db: | NVD | id: | CVE-2012-4617 | date: | 2024-11-21T01:43:16.217 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2012-5482 | date: | 2012-09-28T00:00:00 |
| db: | VULHUB | id: | VHN-57898 | date: | 2012-09-27T00:00:00 |
| db: | BID | id: | 55694 | date: | 2012-09-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2012-004639 | date: | 2012-09-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201209-610 | date: | 2012-09-27T00:00:00 |
| db: | NVD | id: | CVE-2012-4617 | date: | 2012-09-27T00:55:00.903 |