Details of VAR-201404-0063

ID

VAR-201404-0063

CVE

CVE-2012-1366

TITLE

ASR 1000 Run on device Cisco IOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-006192

DESCRIPTION

Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. IOS is prone to a denial-of-service vulnerability. A security vulnerability exists in Cisco IOS Release 15.1(1) on ASR 1000 devices

Trust: 2.52

sources: NVD: CVE-2012-1366 // JVNDB: JVNDB-2012-006192 // CNVD: CNVD-2014-02643 // BID: 78241 // VULHUB: VHN-54647

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-02643

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 2.5
vendor:	cisco	model:	asr 1002 fixed router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1001	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1013	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1006	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 9000 rsp440 router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1023 router	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1002-x	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1004	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	asr 1001 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002 fixed router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1002-x router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1004 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1006 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1013 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 1023 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 9000 series rsp440	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	lt	version:	15.1(1)sy	Trust: 0.8
vendor:	cisco	model:	asr router	scope:	eq	version:	1001	Trust: 0.6
vendor:	cisco	model:	asr router	scope:	eq	version:	1002-x	Trust: 0.6
vendor:	cisco	model:	asr fixed router	scope:	eq	version:	1002	Trust: 0.6
vendor:	cisco	model:	asr router	scope:	eq	version:	1002	Trust: 0.6
vendor:	cisco	model:	asr router	scope:	eq	version:	1004	Trust: 0.6
vendor:	cisco	model:	asr router	scope:	eq	version:	1006	Trust: 0.6
vendor:	cisco	model:	asr router	scope:	eq	version:	1023	Trust: 0.6
vendor:	cisco	model:	asr rsp440 router	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	asr rsp440 router	scope:	eq	version:	9000-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	1023-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	1013-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	1006-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	1004-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	1002-x-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	1002-	Trust: 0.3
vendor:	cisco	model:	asr fixed router	scope:	eq	version:	1002-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	1001-	Trust: 0.3

sources: CNVD: CNVD-2014-02643 // BID: 78241 // JVNDB: JVNDB-2012-006192 // CNNVD: CNNVD-201404-448 // NVD: CVE-2012-1366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1366
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1366
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02643
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-448
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-54647
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-1366
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02643
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-54647
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-02643 // VULHUB: VHN-54647 // JVNDB: JVNDB-2012-006192 // CNNVD: CNNVD-201404-448 // NVD: CVE-2012-1366

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-54647 // JVNDB: JVNDB-2012-006192 // NVD: CVE-2012-1366

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201404-448

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 78241 // CNNVD: CNNVD-201404-448

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006192

PATCH

title:	Release Notes for Cisco IOS Release 15.1SY	url:	http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf	Trust: 0.8
title:	Patch for Cisco IOS Denial of Service Vulnerability (CNVD-2014-02643)	url:	https://www.cnvd.org.cn/patchInfo/show/45176	Trust: 0.6
title:	Cisco IOS on ASR 1000 devices Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164609	Trust: 0.6

sources: CNVD: CNVD-2014-02643 // JVNDB: JVNDB-2012-006192 // CNNVD: CNNVD-201404-448

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1366	Trust: 3.4
db:	JVNDB	id:	JVNDB-2012-006192	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-448	Trust: 0.7
db:	CNVD	id:	CNVD-2014-02643	Trust: 0.6
db:	BID	id:	78241	Trust: 0.4
db:	VULHUB	id:	VHN-54647	Trust: 0.1

sources: CNVD: CNVD-2014-02643 // VULHUB: VHN-54647 // BID: 78241 // JVNDB: JVNDB-2012-006192 // CNNVD: CNNVD-201404-448 // NVD: CVE-2012-1366

REFERENCES

url:	http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1sy/release_notes.pdf	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1366	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1366	Trust: 0.8

sources: CNVD: CNVD-2014-02643 // VULHUB: VHN-54647 // BID: 78241 // JVNDB: JVNDB-2012-006192 // CNNVD: CNNVD-201404-448 // NVD: CVE-2012-1366

CREDITS

Unknown

Trust: 0.3

sources: BID: 78241

SOURCES

db:	CNVD	id:	CNVD-2014-02643
db:	VULHUB	id:	VHN-54647
db:	BID	id:	78241
db:	JVNDB	id:	JVNDB-2012-006192
db:	CNNVD	id:	CNNVD-201404-448
db:	NVD	id:	CVE-2012-1366

LAST UPDATE DATE

2024-08-14T14:34:10.262000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02643	date:	2014-04-25T00:00:00
db:	VULHUB	id:	VHN-54647	date:	2014-04-23T00:00:00
db:	BID	id:	78241	date:	2014-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2012-006192	date:	2014-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201404-448	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2012-1366	date:	2021-10-05T14:51:27.063

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-02643	date:	2014-04-25T00:00:00
db:	VULHUB	id:	VHN-54647	date:	2014-04-23T00:00:00
db:	BID	id:	78241	date:	2014-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2012-006192	date:	2014-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201404-448	date:	2014-04-25T00:00:00
db:	NVD	id:	CVE-2012-1366	date:	2014-04-23T11:52:59.010