Details of VAR-201310-0015

ID

VAR-201310-0015

CVE

CVE-2012-4098

TITLE

Cisco NX-OS Border Gateway Protocol Component Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2013-13596 // BID: 62858

DESCRIPTION

The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Successful exploitation of the vulnerability allows the downstream peer to reset the BGP link of the affected device. Cisco NX-OS is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. This issue is being tracked by Cisco bug ID CSCtn13055. The vulnerability is caused by the program not correctly filtering the AS path attribute value

Trust: 2.52

sources: NVD: CVE-2012-4098 // JVNDB: JVNDB-2013-004522 // CNVD: CNVD-2013-13596 // BID: 62858 // VULHUB: VHN-57379

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13596

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-13596 // BID: 62858 // JVNDB: JVNDB-2013-004522 // CNNVD: CNNVD-201310-017 // NVD: CVE-2012-4098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4098
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4098
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-13596
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-017
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57379
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4098
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13596
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-57379
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13596 // VULHUB: VHN-57379 // JVNDB: JVNDB-2013-004522 // CNNVD: CNNVD-201310-017 // NVD: CVE-2012-4098

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-57379 // JVNDB: JVNDB-2013-004522 // NVD: CVE-2012-4098

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-017

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-017

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004522

PATCH

title:	Cisco NX-OS Software BGP Denial of Service Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4098	Trust: 0.8
title:	Patch for Cisco NX-OS Border Gateway Protocol Component Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/40084	Trust: 0.6

sources: CNVD: CNVD-2013-13596 // JVNDB: JVNDB-2013-004522

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4098	Trust: 3.4
db:	OSVDB	id:	98129	Trust: 1.1
db:	BID	id:	62858	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004522	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-017	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13596	Trust: 0.6
db:	CISCO	id:	20131004 CISCO NX-OS SOFTWARE BGP DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-57379	Trust: 0.1

sources: CNVD: CNVD-2013-13596 // VULHUB: VHN-57379 // BID: 62858 // JVNDB: JVNDB-2013-004522 // CNNVD: CNNVD-201310-017 // NVD: CVE-2012-4098

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4098	Trust: 2.6
url:	http://osvdb.org/98129	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87675	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4098	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4098	Trust: 0.8
url:	http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=csctn13055	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps9494/products_sub_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2013-13596 // VULHUB: VHN-57379 // BID: 62858 // JVNDB: JVNDB-2013-004522 // CNNVD: CNNVD-201310-017 // NVD: CVE-2012-4098

CREDITS

Cisco

Trust: 0.3

sources: BID: 62858

SOURCES

db:	CNVD	id:	CNVD-2013-13596
db:	VULHUB	id:	VHN-57379
db:	BID	id:	62858
db:	JVNDB	id:	JVNDB-2013-004522
db:	CNNVD	id:	CNNVD-201310-017
db:	NVD	id:	CVE-2012-4098

LAST UPDATE DATE

2024-08-14T14:28:01.302000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13596	date:	2013-10-12T00:00:00
db:	VULHUB	id:	VHN-57379	date:	2017-08-29T00:00:00
db:	BID	id:	62858	date:	2013-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-004522	date:	2013-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201310-017	date:	2013-10-08T00:00:00
db:	NVD	id:	CVE-2012-4098	date:	2017-08-29T01:32:10.103

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13596	date:	2013-10-11T00:00:00
db:	VULHUB	id:	VHN-57379	date:	2013-10-05T00:00:00
db:	BID	id:	62858	date:	2013-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-004522	date:	2013-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201310-017	date:	2013-10-08T00:00:00
db:	NVD	id:	CVE-2012-4098	date:	2013-10-05T10:55:03.387