CVE-2012-3946 : Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by

Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

Published 2014-04-24 10:55:02

Updated 2014-04-24 18:38:18

Source Cisco Systems, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-3946

Probability of exploitation activity in the next 30 days: 0.45%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-3946

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-3946

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3946

http://www.cisco.com/c/en/us/td/docs/ios/15_3s/release/notes/15_3s_rel_notes/15_3s_caveats_15_3_2s.html

Cross-Platform Release Notes for Cisco IOS Release 15.3S - Release 15.3(2)S Bugs [Cisco IOS 15.3S] - Cisco

Products affected by CVE-2012-3946

Cisco » IOS
Versions up to, including, (<=) 15.3
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-3946

Exploit prediction scoring system (EPSS) score for CVE-2012-3946

CVSS scores for CVE-2012-3946

CWE ids for CVE-2012-3946

References for CVE-2012-3946

Products affected by CVE-2012-3946