CVE-2012-5037 : The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a den

The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.

Published 2014-04-23 11:52:59

Updated 2014-04-23 16:38:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-5037

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-5037

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:S/C:N/I:N/A:C	3.1	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2012-5037

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-5037

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf

CVEs referencing this url

Products affected by CVE-2012-5037

Cisco » IOS
Versions up to, including, (<=) 15.1
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
Matching versions
Cisco » Catalyst 6500
cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*
Matching versions
Cisco » Catalyst 7600
cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-5037

Exploit prediction scoring system (EPSS) score for CVE-2012-5037

CVSS scores for CVE-2012-5037

CWE ids for CVE-2012-5037

References for CVE-2012-5037

Products affected by CVE-2012-5037