Sign-up

ID

VAR-201301-0040


CVE

CVE-2012-5429


TITLE

Windows upper Cisco VPN Client Service disruption in ( Kernel fault and System crash ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-001208

DESCRIPTION

The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. A local attacker can exploit this issue to crash the system, resulting in denial-of-service conditions. This issue is being tracked by Cisco bug ID CSCuc81669. The vulnerability is caused by the program not interacting with the kernel properly

Trust: 2.07

sources: NVD: CVE-2012-5429 // JVNDB: JVNDB-2013-001208 // BID: 57483 // VULHUB: VHN-58710 // VULMON: CVE-2012-5429

AFFECTED PRODUCTS

vendor:ciscomodel:vpn clientscope: - version: -

Trust: 1.4

vendor:ciscomodel:vpn clientscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:vpn client for windowsscope:eqversion:5.0.6.0100

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:5.0.3.0530

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:5.0.2.0090

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:5.0.1.0600

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:4.8.2.0010

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:4.8.2

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:4.8.1

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:4.8

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:4.7.0533

Trust: 0.3

vendor:ciscomodel:vpn client for windows cscope:eqversion:4.0.2

Trust: 0.3

vendor:ciscomodel:vpn client for windows ascope:eqversion:4.0.2

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:3.6.1

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:3.6

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:3.5.4

Trust: 0.3

vendor:ciscomodel:vpn client for windows bscope:eqversion:3.5.2

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:3.5.2

Trust: 0.3

vendor:ciscomodel:vpn client for windows cscope:eqversion:3.5.1

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:3.5.1

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:4.7

Trust: 0.3

vendor:ciscomodel:vpn client for windowsscope:eqversion:4.6

Trust: 0.3

sources: BID: 57483 // JVNDB: JVNDB-2013-001208 // CNNVD: CNNVD-201301-371 // NVD: CVE-2012-5429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5429
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-5429
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201301-371
value: MEDIUM

Trust: 0.6

VULHUB: VHN-58710
value: MEDIUM

Trust: 0.1

VULMON: CVE-2012-5429
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-5429
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-58710
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-58710 // VULMON: CVE-2012-5429 // JVNDB: JVNDB-2013-001208 // CNNVD: CNNVD-201301-371 // NVD: CVE-2012-5429

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-5429

THREAT TYPE

local

Trust: 0.9

sources: BID: 57483 // CNNVD: CNNVD-201301-371

TYPE

Design Error

Trust: 0.3

sources: BID: 57483

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001208

PATCH
title:Cisco VPN Client Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429
Trust: 0.8
title:Cisco: Cisco VPN Client Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20130122-CVE-2012-5429
Trust: 0.1
sources:
            
            
            VULMON: CVE-2012-5429 // 
            
            
            
            JVNDB: JVNDB-2013-001208

EXTERNAL IDS
db:NVDid:CVE-2012-5429
Trust: 2.9
db:JVNDBid:JVNDB-2013-001208
Trust: 0.8
db:CNNVDid:CNNVD-201301-371
Trust: 0.7
db:CISCOid:20130112 CISCO VPN CLIENT DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:BIDid:57483
Trust: 0.5
db:VULHUBid:VHN-58710
Trust: 0.1
db:VULMONid:CVE-2012-5429
Trust: 0.1
sources:
            
            
            VULHUB: VHN-58710 // 
            
            
            
            VULMON: CVE-2012-5429 // 
            
            
            
            BID: 57483 // 
            
            
            
            JVNDB: JVNDB-2013-001208 // 
            
            
            
            CNNVD: CNNVD-201301-371 // 
            
            
            
            NVD: CVE-2012-5429

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-5429
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5429
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5429
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/secursw/ps2308/index.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/57483
Trust: 0.1
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130122-cve-2012-5429
Trust: 0.1
sources:
            
            
            VULHUB: VHN-58710 // 
            
            
            
            VULMON: CVE-2012-5429 // 
            
            
            
            BID: 57483 // 
            
            
            
            JVNDB: JVNDB-2013-001208 // 
            
            
            
            CNNVD: CNNVD-201301-371 // 
            
            
            
            NVD: CVE-2012-5429

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 57483

SOURCES
db:VULHUBid:VHN-58710
db:VULMONid:CVE-2012-5429
db:BIDid:57483
db:JVNDBid:JVNDB-2013-001208
db:CNNVDid:CNNVD-201301-371
db:NVDid:CVE-2012-5429

LAST UPDATE DATE
2024-11-23T23:05:54.655000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-58710date:2013-01-18T00:00:00
db:VULMONid:CVE-2012-5429date:2013-01-18T00:00:00
db:BIDid:57483date:2013-01-22T08:30:00
db:JVNDBid:JVNDB-2013-001208date:2013-01-22T00:00:00
db:CNNVDid:CNNVD-201301-371date:2013-01-18T00:00:00
db:NVDid:CVE-2012-5429date:2024-11-21T01:44:40.900

SOURCES RELEASE DATE
db:VULHUBid:VHN-58710date:2013-01-17T00:00:00
db:VULMONid:CVE-2012-5429date:2013-01-17T00:00:00
db:BIDid:57483date:2013-01-12T00:00:00
db:JVNDBid:JVNDB-2013-001208date:2013-01-22T00:00:00
db:CNNVDid:CNNVD-201301-371date:2013-01-18T00:00:00
db:NVDid:CVE-2012-5429date:2013-01-17T21:55:00.887