CVE-2012-5032Improper Authentication in Cisco IOS

CWE-287Improper Authentication3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.5%
top 33.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedApr 23
Latest updateMay 17

Description

The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDcisco/ios15.1\(1\)sy2+3

🔴Vulnerability Details

2
GHSA
GHSA-qpqj-275w-f6mr: The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 152022-05-17
CVEList
CVE-2012-5032: The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 152014-04-23
CVE-2012-5032 — Improper Authentication in Cisco IOS | cvebase