CVE-2012-4622 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE

CWE-399 CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.7%

top 28.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Cisco Catalyst 4500e Series Switch With Cisco Catalyst Supervisor Engine 7l-e

Timeline

PublishedSep 27

Latest updateMay 17

Description

Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶ciscocisco/catalyst_4500e_series_switch_with_cisco_catalyst_supervisor_engine_7l-e

▶NVDcisco/ios_xe3.2.00.xo.15.0\(2\)xo

🔴Vulnerability Details

GHSA

GHSA-gw39-q5qm-cq3g: Cisco IOS XE 03↗2022-05-17

▶

📋Vendor Advisories

Cisco

Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability↗2012-09-26

▶

Red Hat

kernel: kvm: pit timer with no irqchip crashes the system↗2011-12-14

▶

Cisco

Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability↗

▶