CVE-2012-3924Cisco IOS vulnerability

CWE-3994 documents4 sources
Severity
3.5LOWNVD
EPSS
0.4%
top 40.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 16
Latest updateMay 17

Description

The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios15.1, 15.2+1

🔴Vulnerability Details

2
GHSA
GHSA-r759-v267-mx9j: The SSLVPN implementation in Cisco IOS 152022-05-17
CVEList
CVE-2012-3924: The SSLVPN implementation in Cisco IOS 152012-09-16

📋Vendor Advisories

1
Cisco
Cisco IOS SSL VPN Denial of Service Vulnerability2012-10-03
CVE-2012-3924 — Cisco IOS vulnerability | cvebase