CVE-2012-1344Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-3994 documents4 sources
Severity
3.5LOWNVD
EPSS
0.3%
top 42.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedAug 6
Latest updateMay 17

Description

Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios15.1, 15.2+1

🔴Vulnerability Details

2
GHSA
GHSA-qh7f-gw68-jwqh: Cisco IOS 152022-05-17
CVEList
CVE-2012-1344: Cisco IOS 152012-08-06

📋Vendor Advisories

1
Cisco
Cisco IOS SSL VPN Portal Page Denial of Service Vulnerability2012-08-10
CVE-2012-1344 — Cisco IOS vulnerability | cvebase