Lucene search

[email protected]NVD:CVE-2012-5032

HistoryApr 23, 2014 - 11:52 a.m.

CVE-2012-5032

2014-04-2311:52:59

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

69.7%

JSON

The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.

Affected configurations

Nvd

Node

ciscoiosRange≤15.1\(1\)sy2

ciscoiosMatch15.1

ciscoiosMatch15.1\(1\)sy

ciscoiosMatch15.1\(1\)sy1

VendorProductVersionCPE
ciscoios*cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
ciscoios15.1cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
ciscoios15.1(1)sycpe:2.3:o:cisco:ios:15.1\(1\)sy:*:*:*:*:*:*:*
ciscoios15.1(1)sy1cpe:2.3:o:cisco:ios:15.1\(1\)sy1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	*	cpe:2.3:o:cisco:ios::::::::
cisco	ios	15.1	cpe:2.3:o:cisco:ios:15.1:::::::*
cisco	ios	15.1(1)sy	cpe:2.3:o:cisco:ios:15.1\(1\)sy:::::::*
cisco	ios	15.1(1)sy1	cpe:2.3:o:cisco:ios:15.1\(1\)sy1:::::::*

References

www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

69.7%

JSON

Related for NVD:CVE-2012-5032

cvelist1 cve1 prion1