Vulnerability CVE-2012-5415

Vulnerability Name:

CVE-2012-5415 (CCN-83593)

Assigned:

2012-10-17

Published:

2013-04-11

Updated:

2013-04-16

Summary:

Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-362

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2012-5415

Source: CCN
Type: SA53039
Cisco Adaptive Security Appliance Secondary Flows Lookup Denial of Service Vulnerability

Source: CCN
Type: Cisco Security Notice
Secondary Flows Lookup Denial of Service Vulnerability

Source: CISCO
Type: Vendor Advisory
20130411 Secondary Flows Lookup Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
ciscoasa-cve20125415-dos(83593)

Vulnerable Configuration:

Configuration 1:

cpe:/h:cisco:5500_adaptive_security_appliance:7.2:2:*:*:*:*:*:*

OR cpe:/h:cisco:5500_series_adaptive_security_appliance:*:*:*:*:*:*:*:*

OR cpe:/h:cisco:5500_series_adaptive_security_appliance:7.2:*:*:*:*:*:*:*

OR cpe:/h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:cisco:adaptive_security_appliance:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK