Sign-up

ID

VAR-201209-0391


CVE

CVE-2012-3899


TITLE

Cisco IPS 4200 Operates on series sensors sensorApp Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-004407

DESCRIPTION

sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051. Intrustion Prevention software is prone to a denial-of-service vulnerability. Cisco IPS is the network intrusion protection module in the CiscoWorks VPN/Security management solution

Trust: 1.98

sources: NVD: CVE-2012-3899 // JVNDB: JVNDB-2012-004407 // BID: 78118 // VULHUB: VHN-57180

AFFECTED PRODUCTS

vendor:ciscomodel:intrusion prevention systemscope:eqversion:7.0

Trust: 1.9

vendor:ciscomodel:intrusion prevention systemscope:eqversion:6.0

Trust: 1.9

vendor:ciscomodel:intrusion prevention systemscope:eqversion:6.2

Trust: 1.6

vendor:ciscomodel:ips 4240scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ips 4250 sxscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ips 4270-20scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ips 4260scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ips 4255scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:intrusion prevention system softwarescope:eqversion:6.0

Trust: 0.8

vendor:ciscomodel:intrusion prevention system softwarescope:eqversion:6.2

Trust: 0.8

vendor:ciscomodel:intrusion prevention system softwarescope:eqversion:7.0

Trust: 0.8

vendor:ciscomodel:ips 4240scope: - version: -

Trust: 0.8

vendor:ciscomodel:ips 4250-sxscope: - version: -

Trust: 0.8

vendor:ciscomodel:ips 4255scope: - version: -

Trust: 0.8

vendor:ciscomodel:ips 4260scope: - version: -

Trust: 0.8

vendor:ciscomodel:ips 4270-20scope: - version: -

Trust: 0.8

vendor:ciscomodel:ipsscope:eqversion:4270-200

Trust: 0.3

vendor:ciscomodel:ipsscope:eqversion:42600

Trust: 0.3

vendor:ciscomodel:ipsscope:eqversion:42550

Trust: 0.3

vendor:ciscomodel:ips sxscope:eqversion:42500

Trust: 0.3

vendor:ciscomodel:ipsscope:eqversion:42400

Trust: 0.3

vendor:ciscomodel:intrustion prevention softwarescope:eqversion:6.2

Trust: 0.3

sources: BID: 78118 // JVNDB: JVNDB-2012-004407 // CNNVD: CNNVD-201209-357 // NVD: CVE-2012-3899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3899
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3899
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-357
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57180
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3899
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57180
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57180 // JVNDB: JVNDB-2012-004407 // CNNVD: CNNVD-201209-357 // NVD: CVE-2012-3899

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-57180 // JVNDB: JVNDB-2012-004407 // NVD: CVE-2012-3899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-357

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201209-357

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004407

PATCH
title:IPS 6.2(4)E4 SERVICE PACKurl:http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-004407

EXTERNAL IDS
db:NVDid:CVE-2012-3899
Trust: 2.8
db:JVNDBid:JVNDB-2012-004407
Trust: 0.8
db:CNNVDid:CNNVD-201209-357
Trust: 0.7
db:BIDid:78118
Trust: 0.4
db:VULHUBid:VHN-57180
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57180 // 
            
            
            
            BID: 78118 // 
            
            
            
            JVNDB: JVNDB-2012-004407 // 
            
            
            
            CNNVD: CNNVD-201209-357 // 
            
            
            
            NVD: CVE-2012-3899

REFERENCES
url:http://www.cisco.com/web/software/282549758/51927/ips-6_2-4-e4-readme.txt
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3899
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3899
Trust: 0.8
sources:
            
            
            VULHUB: VHN-57180 // 
            
            
            
            BID: 78118 // 
            
            
            
            JVNDB: JVNDB-2012-004407 // 
            
            
            
            CNNVD: CNNVD-201209-357 // 
            
            
            
            NVD: CVE-2012-3899

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78118

SOURCES
db:VULHUBid:VHN-57180
db:BIDid:78118
db:JVNDBid:JVNDB-2012-004407
db:CNNVDid:CNNVD-201209-357
db:NVDid:CVE-2012-3899

LAST UPDATE DATE
2024-11-23T22:08:42.296000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57180date:2012-09-17T00:00:00
db:BIDid:78118date:2012-09-16T00:00:00
db:JVNDBid:JVNDB-2012-004407date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-357date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3899date:2024-11-21T01:41:48.560

SOURCES RELEASE DATE
db:VULHUBid:VHN-57180date:2012-09-16T00:00:00
db:BIDid:78118date:2012-09-16T00:00:00
db:JVNDBid:JVNDB-2012-004407date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-357date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3899date:2012-09-16T10:34:50.910