CVE-2012-0382 — Uncontrolled Resource Consumption in Cisco IOS XE

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGHNVD

EPSS

4.5%

top 10.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Cisco IOS

Timeline

PublishedMar 29

Latest updateMay 4

Description

The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/ios_xe3.1.0s — 3.4.1s+2

▶NVDcisco/ios755 versions+754

🔴Vulnerability Details

GHSA

GHSA-5vqm-f884-p772: The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12↗2022-05-04

▶

CVEList

CVE-2012-0382: The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12↗2012-03-29

▶

📋Vendor Advisories

Cisco

Cisco IOS Software Multicast Source Discovery Protocol Vulnerability↗2012-03-28

▶