ID

VAR-202001-0086


CVE

CVE-2012-0334


TITLE

Input validation vulnerability in Cisco IronPort Web Security Appliance AsyncOS software

Trust: 0.8

sources: JVNDB: JVNDB-2012-006565

DESCRIPTION

Cisco IronPort Web Security Appliance (WSA) AsyncOS software prior to 7.5 has an SSL certificate caching vulnerability that could allow man-in-the-middle attacks. The Cisco IronPort WSA handles the key pair cache improperly. An attacker can forge a certificate for any domain through a man-in-the-middle attack to obtain encrypted sensitive information. Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The product offers features such as the Web Reputation Filter (WBRS) and an anti-malware scanning engine; AsyncOS is the operating system that runs on it. A remote attacker could exploit this vulnerability to perform a man-in-the-middle attack by injecting newly created credentials into a server-side session.

Trust: 2.52

sources: NVD: CVE-2012-0334 // JVNDB: JVNDB-2012-006565 // CNVD: CNVD-2012-1837 // BID: 52981 // VULHUB: VHN-53615

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-1837

AFFECTED PRODUCTS

vendor: cisco, model: ironport web security appliance, scope: lt, version: 7.5

Trust: 1.8

vendor: cisco, model: ironport web security appliance, scope: eq, version: 7.x

Trust: 0.6

sources: CNVD: CNVD-2012-1837 // JVNDB: JVNDB-2012-006565 // NVD: CVE-2012-0334

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-0334
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-0334
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201204-135
value: MEDIUM

Trust: 0.6

VULHUB: VHN-53615
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-0334
severity: LOW
baseScore: 3.2
vectorString: AV:A/AC:H/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-53615
severity: LOW
baseScore: 3.2
vectorString: AV:A/AC:H/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2012-0334
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2012-0334
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-53615 // JVNDB: JVNDB-2012-006565 // CNNVD: CNNVD-201204-135 // NVD: CVE-2012-0334

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-53615 // JVNDB: JVNDB-2012-006565 // NVD: CVE-2012-0334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-135

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201204-135

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006565

PATCH

title: Cisco-SA-20120412-CVE-2012-0334
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334

Trust: 0.8

title: Cisco IronPort Web Security Appliance AsyncOS Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118082

Trust: 0.6

sources: JVNDB: JVNDB-2012-006565 // CNNVD: CNNVD-201204-135

EXTERNAL IDS

db: NVD, id: CVE-2012-0334

Trust: 3.4

db: BID, id: 52981

Trust: 2.0

db: JVNDB, id: JVNDB-2012-006565

Trust: 0.8

db: CNNVD, id: CNNVD-201204-135

Trust: 0.7

db: CNVD, id: CNVD-2012-1837

Trust: 0.6

db: VULHUB, id: VHN-53615

Trust: 0.1

sources: CNVD: CNVD-2012-1837 // VULHUB: VHN-53615 // BID: 52981 // JVNDB: JVNDB-2012-006565 // CNNVD: CNNVD-201204-135 // NVD: CVE-2012-0334

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20120412-cve-2012-0334

Trust: 1.7

url: http://www.securityfocus.com/bid/52981

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2012-0334

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0334

Trust: 0.8

url: http://www.secureworks.com/research/threats/transitive-trust/http

Trust: 0.6

url: http://www.cisco.com/en/us/products/ps10164/index.html

Trust: 0.3

url: http://www.secureworks.com/research/threats/transitive-trust/

Trust: 0.3

sources: CNVD: CNVD-2012-1837 // VULHUB: VHN-53615 // BID: 52981 // JVNDB: JVNDB-2012-006565 // CNNVD: CNNVD-201204-135 // NVD: CVE-2012-0334

CREDITS

Jeff Jarmoc

Trust: 0.3

sources: BID: 52981

SOURCES

db: CNVD, id: CNVD-2012-1837
db: VULHUB, id: VHN-53615
db: BID, id: 52981
db: JVNDB, id: JVNDB-2012-006565
db: CNNVD, id: CNNVD-201204-135
db: NVD, id: CVE-2012-0334

LAST UPDATE DATE

2024-08-14T13:25:09.341000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-1837, date: 2012-04-12T00:00:00
db: VULHUB, id: VHN-53615, date: 2020-01-23T00:00:00
db: BID, id: 52981, date: 2012-04-11T00:00:00
db: JVNDB, id: JVNDB-2012-006565, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-201204-135, date: 2020-05-09T00:00:00
db: NVD, id: CVE-2012-0334, date: 2020-01-23T17:13:03.480

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2012-1837, date: 2012-04-12T00:00:00
db: VULHUB, id: VHN-53615, date: 2020-01-15T00:00:00
db: BID, id: 52981, date: 2012-04-11T00:00:00
db: JVNDB, id: JVNDB-2012-006565, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-201204-135, date: 2012-04-12T00:00:00
db: NVD, id: CVE-2012-0334, date: 2020-01-15T13:15:12.577