Vulnerability Description
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 12.2\(58\)ses |
Related Weaknesses (CWE)
References
- http://puck.nether.net/pipermail/cisco-nsp/2012-February/083517.html
- http://www.securitytracker.com/id?1027005
- http://puck.nether.net/pipermail/cisco-nsp/2012-February/083517.html
- http://www.securitytracker.com/id?1027005
FAQ
What is CVE-2012-0362?
CVE-2012-0362 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in op...
How severe is CVE-2012-0362?
CVE-2012-0362 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0362?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios.