CVE-2012-4661: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Adaptive Security Appliance Software

Severity: 9.0 CRITICAL (NVD)
EPSS: 9.7% (top 7.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 29
Latest update: May 17

Description

Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 before 4.1(9) in Cisco Catalyst 6500 series switches and 7600 series routers might allow remote attackers to execute arbitrary code via a crafted DCERPC

CVSS vector

AV:N/AC:M/C:C/I:P/A:C
Exploitability: 8.6 | Impact: 9.5

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA (2022-05-17): GHSA-949w-qxfg-2pvp: Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Modu
CVEList (2012-10-29): CVE-2012-4661: Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Modu

📋 Vendor Advisories (2)

Cisco (2012-10-10): Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco (2012-10-10): Multiple Vulnerabilities in Cisco Firewall Services Module