CVE-2012-2472 — Cisco Adaptive Security Appliance Software vulnerability

CWE-3993 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 37.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedAug 6

Latest updateMay 17

Description

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software17 versions+16

🔴Vulnerability Details

GHSA

GHSA-3cj3-h5j9-4fj9: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8↗2022-05-17

▶

CVEList

CVE-2012-2472: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8↗2012-08-06

▶