Vulnerability Description
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 12.4 |
References
- http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78670
- http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78670
FAQ
What is CVE-2012-3923?
CVE-2012-3923 is a vulnerability with a CVSS score of 3.5 (LOW). The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to ca...
How severe is CVE-2012-3923?
CVE-2012-3923 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3923?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios.