CVEdetails.com the ultimate security vulnerability data source

Cisco : Security Vulnerabilities Published In 2012

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2012-6007 79 XSS 2012-12-19 2013-01-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.
2 CVE-2012-5992 352 XSS CSRF 2012-12-19 2013-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
3 CVE-2012-5991 DoS 2012-12-19 2013-01-30
6.3
None Remote Medium Single system None None Complete
screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209.
4 CVE-2012-5445 20 DoS Exec Code 2012-12-28 2013-03-04
6.8
None Local Low Single system Complete Complete Complete
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
5 CVE-2012-5424 20 Bypass 2012-11-07 2013-03-11
5.0
None Remote Low Not required Partial None None
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.
6 CVE-2012-5417 264 Exec Code 2012-11-02 2013-02-25
10.0
None Remote Low Not required Complete Complete Complete
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.
7 CVE-2012-5416 119 DoS Overflow 2012-11-02 2013-08-22
7.8
None Remote Low Not required None None Complete
Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341.
8 CVE-2012-4663 119 DoS Overflow 2012-10-29 2013-04-10
7.1
None Remote Medium Not required None None Complete
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21346 and CSCtr27521.
9 CVE-2012-4662 119 DoS Overflow 2012-10-29 2013-04-10
7.1
None Remote Medium Not required None None Complete
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a crafted DCERPC packet, aka Bug IDs CSCtr21376 and CSCtr27524.
10 CVE-2012-4661 119 Exec Code Overflow 2012-10-29 2013-04-10
9.0
None Remote Medium Not required Complete Partial Complete
Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 before 4.1(9) in Cisco Catalyst 6500 series switches and 7600 series routers might allow remote attackers to execute arbitrary code via a crafted DCERPC packet, aka Bug IDs CSCtr21359 and CSCtr27522.
11 CVE-2012-4660 119 DoS Overflow 2012-10-29 2013-03-01
7.8
None Remote Low Not required None None Complete
The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6 before 8.6(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted SIP media-update packet, aka Bug ID CSCtr63728.
12 CVE-2012-4659 287 DoS 2012-10-29 2013-03-01
7.1
None Remote Medium Not required None None Complete
The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote attackers to cause a denial of service (device reload) via a crafted authentication response, aka Bug ID CSCtz04566.
13 CVE-2012-4655 20 Exec Code 2012-09-24 2013-04-04
9.3
None Remote Medium Not required Complete Complete Complete
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
14 CVE-2012-4643 399 DoS 2012-10-29 2013-03-01
7.1
None Remote Medium Not required None None Complete
The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56), 8.2 before 8.2(5.27), 8.3 before 8.3(2.31), 8.4 before 8.4(3.10), 8.5 before 8.5(1.9), and 8.6 before 8.6(1.5) does not properly allocate memory for DHCP packets, which allows remote attackers to cause a denial of service (device reload) via a series of crafted IPv4 packets, aka Bug ID CSCtw84068.
15 CVE-2012-4629 399 DoS 2012-09-12 2013-04-04
7.8
None Remote Low Not required None None Complete
The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603.
16 CVE-2012-4623 20 DoS 2012-09-26 2013-03-01
7.8
None Remote Low Not required None None Complete
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723.
17 CVE-2012-4622 399 DoS 2012-09-26 2013-03-01
7.1
None Remote Medium Not required None None Complete
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.
18 CVE-2012-4621 399 DoS 2012-09-26 2013-02-13
7.8
None Remote Low Not required None None Complete
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
19 CVE-2012-4620 399 DoS 2012-09-26 2013-02-13
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808.
20 CVE-2012-4619 399 DoS 2012-09-26 2013-04-10
7.8
None Remote Low Not required None None Complete
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
21 CVE-2012-4618 399 DoS 2012-09-26 2013-04-10
7.8
None Remote Low Not required None None Complete
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
22 CVE-2012-4617 20 DoS 2012-09-26 2013-02-13
7.1
None Remote Medium Not required None None Complete
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914.
23 CVE-2012-3950 399 DoS 2012-09-26 2013-02-21
7.1
None Remote Medium Not required None None Complete
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976.
24 CVE-2012-3949 20 DoS 2012-09-26 2013-06-04
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.
25 CVE-2012-3941 119 Exec Code Overflow 2012-10-25 2013-05-03
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850.
26 CVE-2012-3940 119 Exec Code Overflow 2012-10-25 2013-05-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958.
27 CVE-2012-3939 119 DoS Exec Code Overflow Mem. Corr. 2012-10-25 2013-05-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331.
28 CVE-2012-3938 119 Exec Code Overflow 2012-10-25 2013-05-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583.
29 CVE-2012-3937 119 Exec Code Overflow 2012-10-25 2013-05-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967.
30 CVE-2012-3936 119 Exec Code Overflow 2012-10-25 2013-05-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962.
31 CVE-2012-3935 119 DoS Overflow 2012-09-12 2013-03-25
7.8
None Remote Low Not required None None Complete
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.
32 CVE-2012-3924 DoS 2012-09-16 2013-03-25
3.5
None Remote Medium Single system None None Partial
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.
33 CVE-2012-3923 DoS 2012-09-16 2013-03-25
3.5
None Remote Medium Single system None None Partial
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.
34 CVE-2012-3919 399 DoS 2012-09-16 2013-03-25
5.0
None Remote Low Not required None None Partial
The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879.
35 CVE-2012-3915 119 DoS Overflow 2012-09-16 2013-03-25
5.0
None Remote Low Not required None None Partial
The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.
36 CVE-2012-3908 352 CSRF 2012-09-16 2013-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
37 CVE-2012-3901 119 DoS Overflow 2012-09-16 2013-01-24
5.0
None Remote Low Not required None None Partial
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144.
38 CVE-2012-3899 399 DoS Mem. Corr. 2012-09-16 2012-09-17
5.0
None Remote Low Not required None None Partial
sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051.
39 CVE-2012-3895 DoS 2012-09-16 2013-01-24
6.3
None Remote Medium Single system None None Complete
Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224.
40 CVE-2012-3893 DoS 2012-09-16 2012-09-17
6.3
None Remote Medium Single system None None Complete
The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
41 CVE-2012-3096 DoS 2012-09-16 2013-01-24
4.0
None Remote Low Single system None None Partial
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132.
42 CVE-2012-3094 200 +Info 2012-09-16 2013-01-24
5.0
None Remote Low Not required Partial None None
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.
43 CVE-2012-3088 2012-09-16 2013-01-24
9.3
None Remote Medium Not required Complete Complete Complete
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
44 CVE-2012-3079 399 DoS 2012-09-16 2013-01-24
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957.
45 CVE-2012-3076 78 Exec Code 2012-07-12 2012-07-12
9.0
None Remote Low Single system Complete Complete Complete
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.
46 CVE-2012-3075 78 Exec Code 2012-07-12 2012-07-12
9.0
None Remote Low Single system Complete Complete Complete
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
47 CVE-2012-3074 78 Exec Code 2012-07-12 2012-07-16
8.3
None Local Network Low Not required Complete Complete Complete
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
48 CVE-2012-3073 DoS 2012-07-12 2012-07-16
7.8
None Remote Low Not required None None Complete
The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338.
49 CVE-2012-3063 362 Bypass 2012-06-20 2013-03-21
7.1
None Remote High Single system Complete Complete Complete
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
50 CVE-2012-3060 399 DoS 2012-09-16 2013-01-24
7.8
None Remote Low Not required None None Complete
Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269.
Total number of vulnerabilities: 160 (page 1 of 4)