CVE-2012-0385

The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/80694
http://secunia.com/advisories/48610
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-smartinstall	Vendor Advisory
http://www.securityfocus.com/bid/52756
http://www.securitytracker.com/id?1026867
https://exchange.xforce.ibmcloud.com/vulnerabilities/74430

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios:12.2:::::::*
	cpe:2.3:o:cisco:ios:15.0:::::::*
	cpe:2.3:o:cisco:ios:15.1:::::::*
	cpe:2.3:o:cisco:ios:15.2:::::::*

History

No history.

Information

Published : 2012-03-29 11:01

Updated : 2024-02-04 18:16

NVD link : CVE-2012-0385

Mitre link : CVE-2012-0385

CVE.ORG link : CVE-2012-0385

JSON object : View

Products Affected

cisco

ios

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-0385", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-03-29T11:01:16.230", "references": [{"url": "http://osvdb.org/80694", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/48610", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-smartinstall", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/52756", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1026867", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74430", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051."}, {"lang": "es", "value": "La funci\u00f3n Smart Install en Cisco IOS v12.2, v15.0, v15.1 y v15.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del dispositivo) mediante el env\u00edo de un mensaje Smart Install mal formado sobre TCP. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCtt16051."}], "lastModified": "2017-12-13T02:29:00.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178"}, {"criteria": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84"}, {"criteria": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB41294E-F3DF-4F1E-A4C8-E90B21A88836"}, {"criteria": "cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2AB6A02-B7C7-48D1-8857-BD1CDF9A40D8"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}