Vulnerability Description
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 15.1 |
References
- http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78672
- http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78672
FAQ
What is CVE-2012-3924?
CVE-2012-3924 is a vulnerability with a CVSS score of 3.5 (LOW). The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of s...
How severe is CVE-2012-3924?
CVE-2012-3924 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3924?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios.