Vulnerability Details : CVE-2012-3924
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.
Vulnerability category: Denial of service
Products affected by CVE-2012-3924
- cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3924
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 43 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-3924
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
6.8
|
2.9
|
NIST |
References for CVE-2012-3924
-
http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html
Cross-Platform Release Notes for Cisco IOS Release 15.2M&T - Release 15.2(1)T Caveats [Cisco IOS 15.2M&T] - CiscoVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/78672
Cisco IOS SSL VPN DTLS enabled denial of service CVE-2012-3924 Vulnerability Report
Jump to