Details of VAR-201706-0002

ID

VAR-201706-0002

CVE

CVE-2012-5010

TITLE

Cisco Adaptive Security Appliance Vulnerabilities related to security functions in software

Trust: 0.8

sources: JVNDB: JVNDB-2012-006362

DESCRIPTION

ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP. 9.1.x before 9.1.6 ASA does not check the source of the ARP request or GARP packets for addresses it performs NAT translation for under unspecified conditions. Cisco ASA is prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Security vulnerabilities exist in several Cisco products

Trust: 1.98

sources: NVD: CVE-2012-5010 // JVNDB: JVNDB-2012-006362 // BID: 99332 // VULHUB: VHN-58291

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	8.2\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4\)	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.0(1.2)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.0(1.1)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.2	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.0	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.3	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.1	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.2.4	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.1(1.2)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.4.1	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(4)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55009.4	Trust: 0.3

sources: BID: 99332 // JVNDB: JVNDB-2012-006362 // CNNVD: CNNVD-201706-1130 // NVD: CVE-2012-5010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5010
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-5010
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201706-1130
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-58291
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5010
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-58291
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2012-5010
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-58291 // JVNDB: JVNDB-2012-006362 // CNNVD: CNNVD-201706-1130 // NVD: CVE-2012-5010

PROBLEMTYPE DATA

problemtype:

CWE-254

Trust: 1.9

sources: VULHUB: VHN-58291 // JVNDB: JVNDB-2012-006362 // NVD: CVE-2012-5010

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201706-1130

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-1130

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006362

PATCH

title:

Cisco 適応型セキュリティアプライアンス（ASA）ソフトウェア

url:

http://www.cisco.com/c/ja_jp/products/security/adaptive-security-appliance-asa-software/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-006362

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5010	Trust: 2.8
db:	BID	id:	99332	Trust: 1.4
db:	JVNDB	id:	JVNDB-2012-006362	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-1130	Trust: 0.7
db:	VULHUB	id:	VHN-58291	Trust: 0.1

sources: VULHUB: VHN-58291 // BID: 99332 // JVNDB: JVNDB-2012-006362 // CNNVD: CNNVD-201706-1130 // NVD: CVE-2012-5010

REFERENCES

url:	https://icisystem.blogspot.com/2016/01/cisco-notification-alert-asa-5500.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/99332	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5010	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2012-5010	Trust: 0.8
url:	https://icisystem.blogspot.jp/2016/01/cisco-notification-alert-asa-5500.html	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://icisystem.blogspot.in/2016/01/cisco-notification-alert-asa-5500.html	Trust: 0.3
url:	https://bst.cloudapps.cisco.com/bugsearch/bug/cscuc11186?emailclick=cnsemail	Trust: 0.3

sources: VULHUB: VHN-58291 // BID: 99332 // JVNDB: JVNDB-2012-006362 // CNNVD: CNNVD-201706-1130 // NVD: CVE-2012-5010

CREDITS

Cisco

Trust: 0.3

sources: BID: 99332

SOURCES

db:	VULHUB	id:	VHN-58291
db:	BID	id:	99332
db:	JVNDB	id:	JVNDB-2012-006362
db:	CNNVD	id:	CNNVD-201706-1130
db:	NVD	id:	CVE-2012-5010

LAST UPDATE DATE

2024-08-14T13:46:44.361000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-58291	date:	2017-07-06T00:00:00
db:	BID	id:	99332	date:	2017-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2012-006362	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201706-1130	date:	2017-07-14T00:00:00
db:	NVD	id:	CVE-2012-5010	date:	2023-08-11T19:03:30.373

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-58291	date:	2017-06-27T00:00:00
db:	BID	id:	99332	date:	2017-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2012-006362	date:	2017-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201706-1130	date:	2017-06-27T00:00:00
db:	NVD	id:	CVE-2012-5010	date:	2017-06-27T20:29:00.230