CVE-2012-2488Improper Input Validation in Cisco IOS XR

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 36.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedMay 31
Latest updateMay 17

Description

Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xr4.2.0+6

🔴Vulnerability Details

2
GHSA
GHSA-w5qh-vv4g-4g87: Cisco IOS XR before 42022-05-17
CVEList
CVE-2012-2488: Cisco IOS XR before 42012-05-31

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Route Processor Denial of Service Vulnerability2012-05-30
CVE-2012-2488 — Improper Input Validation in Cisco | cvebase