Vulnerability Details : CVE-2012-0362
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106.
Exploit prediction scoring system (EPSS) score for CVE-2012-0362
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-0362
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-0362
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0362
-
http://puck.nether.net/pipermail/cisco-nsp/2012-February/083517.html
[c-nsp] Ambiguous ACL "log" in 12.2(58)SE2?
-
http://www.securitytracker.com/id?1027005
Cisco IOS Multiple Bugs Let Remote Users Bypass Security Controls, Obtain Potentially Sensitive Information, and Deny Service - SecurityTracker
Products affected by CVE-2012-0362
- cpe:2.3:o:cisco:ios:12.2\(58\)ses:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.0\(1\)se:*:*:*:*:*:*:*