CVE-2012-5415

Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.

CVSS v2.0 5.4 MEDIUM

5.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:C

Exploitability : 4.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:5500_adaptive_security_appliance:7.2:2::::::
	cpe:2.3:h:cisco:5500_series_adaptive_security_appliance::::::::
	cpe:2.3:h:cisco:5500_series_adaptive_security_appliance:7.2:::::::*
	cpe:2.3:h:cisco:adaptive_security_appliance::::::::

History

21 Nov 2024, 01:44

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415 - Vendor Advisory

Information

Published : 2013-04-16 14:04

Updated : 2024-11-21 01:44

NVD link : CVE-2012-5415

Mitre link : CVE-2012-5415

CVE.ORG link : CVE-2012-5415

JSON object : View

Products Affected

cisco

5500_adaptive_security_appliance
5500_series_adaptive_security_appliance
adaptive_security_appliance

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2012-5415", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-16T14:04:30.890", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272."}, {"lang": "es", "value": "Condici\u00f3n de carrera en dispositivos Cisco Adaptive Security Appliances (ASA) permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo CPU o reinicio del dispositivo) mediante el establecimiento de m\u00faltiples conexiones, dando lugar a una incorrecta gestion de las b\u00fasquedas para flujos secundarios, tambi\u00e9n conocido como Bug IDs CSCue31622 and CSCuc71272."}], "lastModified": "2024-11-21T01:44:40.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:5500_adaptive_security_appliance:7.2:2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C12A16-35D2-450F-8F12-D41D1B3C456B"}, {"criteria": "cpe:2.3:h:cisco:5500_series_adaptive_security_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CB79D96-75EA-4B4F-99A7-9AB4158B7301"}, {"criteria": "cpe:2.3:h:cisco:5500_series_adaptive_security_appliance:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BF0ADD1-FE8E-4619-86DD-F86C52E5FB82"}, {"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D80DB80-F243-469B-993F-E368B092B3C5"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}