CVE-2012-0362 : The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time key

The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106.

Published 2012-05-02 10:09:22

Updated 2012-10-30 04:00:14

Source Cisco Systems, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-0362

Probability of exploitation activity in the next 30 days: 0.25%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0362

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-0362

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0362

http://puck.nether.net/pipermail/cisco-nsp/2012-February/083517.html

[c-nsp] Ambiguous ACL "log" in 12.2(58)SE2?
http://www.securitytracker.com/id?1027005

Cisco IOS Multiple Bugs Let Remote Users Bypass Security Controls, Obtain Potentially Sensitive Information, and Deny Service - SecurityTracker

CVEs referencing this url

Products affected by CVE-2012-0362

Cisco » IOS » Version: 12.2(58)ses
cpe:2.3:o:cisco:ios:12.2\(58\)ses:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.0(1)se
cpe:2.3:o:cisco:ios:15.0\(1\)se:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-0362

Exploit prediction scoring system (EPSS) score for CVE-2012-0362

CVSS scores for CVE-2012-0362

CWE ids for CVE-2012-0362

References for CVE-2012-0362

Products affected by CVE-2012-0362