CVE-2012-0381Cisco IOS XE vulnerability

CWE-3104 documents4 sources
Severity
7.5HIGHNVD
EPSS
3.5%
top 12.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XECisco IOS
Timeline
PublishedMar 29
Latest updateMay 4

Description

The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios_xe3.1.0s3.4.1s+2
NVDcisco/ios755 versions+754

🔴Vulnerability Details

2
GHSA
GHSA-34wg-h45c-wrjc: The IKEv1 implementation in Cisco IOS 122022-05-04
CVEList
CVE-2012-0381: The IKEv1 implementation in Cisco IOS 122012-03-29

📋Vendor Advisories

1
Cisco
Cisco IOS Internet Key Exchange Vulnerability2012-03-28
CVE-2012-0381 — Cisco IOS XE vulnerability | cvebase