CVE-2012-3923 — Cisco IOS vulnerability

CWE-3995 documents5 sources

Severity

3.5LOWNVD

EPSS

0.4%

top 40.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedSep 16

Latest updateMay 17

Description

The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/ios4 versions+3

🔴Vulnerability Details

GHSA

GHSA-fwg7-925x-49rf: The SSLVPN implementation in Cisco IOS 12↗2022-05-17

▶

CVEList

CVE-2012-3923: The SSLVPN implementation in Cisco IOS 12↗2012-09-16

▶

💥Exploits & PoCs

Exploit-DB

Apache Struts - 'ParametersInterceptor' Remote Code Execution (Metasploit)↗2013-03-22

▶

📋Vendor Advisories

Cisco

Cisco IOS SSL VPN Denial of Service Vulnerability↗2012-10-03

▶