CVE-2012-4658Improper Authentication in Cisco IOS

CWE-287Improper Authentication4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 39.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedApr 23
Latest updateMay 17

Description

The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios15.1\(1\)sy2+3

🔴Vulnerability Details

2
GHSA
GHSA-mw4g-r9w4-rcr5: The ios-authproxy implementation in Cisco IOS before 152022-05-17
CVEList
CVE-2012-4658: The ios-authproxy implementation in Cisco IOS before 152014-04-23
CVE-2012-4658 — Improper Authentication in Cisco IOS | cvebase