Sign-up

ID

VAR-201303-0052


CVE

CVE-2012-6026


TITLE

Cisco Aironet Access point HTTP Profiler Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-001735

DESCRIPTION

The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460. Cisco Aironet Access Points are Cisco's wireless access point and bridge devices. Allows an attacker to reload an affected device, causing a denial of service attack. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuc62460

Trust: 2.52

sources: NVD: CVE-2012-6026 // JVNDB: JVNDB-2013-001735 // CNVD: CNVD-2013-01417 // BID: 58245 // VULHUB: VHN-59307

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-01417

AFFECTED PRODUCTS

vendor:ciscomodel:aironet access point softwarescope:eqversion:12.4

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:eqversion:15.2

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:eqversion:7.4

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:eqversion:7.3

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:lteversion:15.2

Trust: 0.8

vendor:ciscomodel:aironet access pointsscope:eqversion:7.x

Trust: 0.6

sources: CNVD: CNVD-2013-01417 // JVNDB: JVNDB-2013-001735 // CNNVD: CNNVD-201303-007 // NVD: CVE-2012-6026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6026
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-6026
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201303-007
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59307
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-6026
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59307
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59307 // JVNDB: JVNDB-2013-001735 // CNNVD: CNNVD-201303-007 // NVD: CVE-2012-6026

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-59307 // JVNDB: JVNDB-2013-001735 // NVD: CVE-2012-6026

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201303-007

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201303-007

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001735

PATCH
title:Cisco Aironoet Access Point Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6026
Trust: 0.8
title:28436url:http://tools.cisco.com/security/center/viewAlert.x?alertId=28436
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-001735

EXTERNAL IDS
db:NVDid:CVE-2012-6026
Trust: 3.4
db:JVNDBid:JVNDB-2013-001735
Trust: 0.8
db:CNNVDid:CNNVD-201303-007
Trust: 0.7
db:CNVDid:CNVD-2013-01417
Trust: 0.6
db:CISCOid:20130228 CISCO AIRONOET ACCESS POINT DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:SECUNIAid:52435
Trust: 0.6
db:BIDid:58245
Trust: 0.4
db:VULHUBid:VHN-59307
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-01417 // 
            
            
            
            VULHUB: VHN-59307 // 
            
            
            
            BID: 58245 // 
            
            
            
            JVNDB: JVNDB-2013-001735 // 
            
            
            
            CNNVD: CNNVD-201303-007 // 
            
            
            
            NVD: CVE-2012-6026

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-6026
Trust: 2.6
url:http://tools.cisco.com/security/center/viewalert.x?alertid=28436
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6026
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6026
Trust: 0.8
url:http://secunia.com/advisories/52435
Trust: 0.6
url:http://www.cisco.com/cisco/web/solutions/small_business/products/wireless/aironet_series_access_points/index.html
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-01417 // 
            
            
            
            VULHUB: VHN-59307 // 
            
            
            
            BID: 58245 // 
            
            
            
            JVNDB: JVNDB-2013-001735 // 
            
            
            
            CNNVD: CNNVD-201303-007 // 
            
            
            
            NVD: CVE-2012-6026

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 58245

SOURCES
db:CNVDid:CNVD-2013-01417
db:VULHUBid:VHN-59307
db:BIDid:58245
db:JVNDBid:JVNDB-2013-001735
db:CNNVDid:CNNVD-201303-007
db:NVDid:CVE-2012-6026

LAST UPDATE DATE
2024-11-23T22:39:06.456000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-01417date:2013-03-05T00:00:00
db:VULHUBid:VHN-59307date:2013-03-05T00:00:00
db:BIDid:58245date:2013-03-01T00:00:00
db:JVNDBid:JVNDB-2013-001735date:2013-03-06T00:00:00
db:CNNVDid:CNNVD-201303-007date:2013-03-05T00:00:00
db:NVDid:CVE-2012-6026date:2024-11-21T01:45:38.897

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-01417date:2013-03-05T00:00:00
db:VULHUBid:VHN-59307date:2013-03-05T00:00:00
db:BIDid:58245date:2013-03-01T00:00:00
db:JVNDBid:JVNDB-2013-001735date:2013-03-06T00:00:00
db:CNNVDid:CNNVD-201303-007date:2013-03-04T00:00:00
db:NVDid:CVE-2012-6026date:2013-03-05T05:04:04.077