CVE-2012-4617 — Improper Input Validation in Cisco IOS

CWE-20 — Improper Input Validation CWE-3994 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.6%

top 31.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco IOS XE Cisco IOS XR

Timeline

PublishedSep 27

Latest updateMay 17

Description

The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

▶NVDcisco/ios15.2

▶NVDcisco/ios_xe3.5.0s, 3.5.1s+1

▶NVDcisco/ios_xr6 versions+5

🔴Vulnerability Details

GHSA

GHSA-gmvh-96pj-qpf9: The BGP implementation in Cisco IOS 15↗2022-05-17

▶

CVEList

CVE-2012-4617: The BGP implementation in Cisco IOS 15↗2012-09-27

▶

📋Vendor Advisories

Cisco

Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability↗2012-09-26

▶