CVE-2012-4663Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Adaptive Security Appliance Software

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
7.1HIGHNVD
EPSS
1.5%
top 18.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedOct 29
Latest updateMay 17

Description

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21346 and CSC

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-7f5q-8qv9-j546: The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 652022-05-17
CVEList
CVE-2012-4663: The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 652012-10-29

📋Vendor Advisories

2
Cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module2012-10-10
Cisco
Multiple Vulnerabilities in Cisco Firewall Services Module2012-10-10
CVE-2012-4663 — Cisco vulnerability | cvebase