CVE-2012-3062 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation CWE-193 — Off-by-one Error CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

5.7MEDIUMNVD

EPSS

0.2%

top 61.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedApr 23

Latest updateMay 17

Description

Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 5.5 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios15.1

🔴Vulnerability Details

GHSA

GHSA-62qx-cj8j-5j5q: Cisco IOS before 15↗2022-05-17

▶

CVEList

CVE-2012-3062: Cisco IOS before 15↗2014-04-23

▶

📋Vendor Advisories

Red Hat

Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)↗2012-04-24

▶

💬Community

Bugzilla

CVE-2011-3062 Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)↗2012-04-22

▶