CVE-2012-1338

Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.

CVSS v2.0 6.3 MEDIUM

6.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:N/I:N/A:C

Exploitability : 6.8 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html	Vendor Advisory
http://www.securitytracker.com/id?1027349

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:ios:15.0:::::::*
	cpe:2.3:o:cisco:ios:15.1:::::::*

OR	cpe:2.3:h:cisco:catalyst_3560::::::::
	cpe:2.3:h:cisco:catalyst_3560-e::::::::
	cpe:2.3:h:cisco:catalyst_3560-x::::::::
	cpe:2.3:h:cisco:catalyst_3750::::::::
	cpe:2.3:h:cisco:catalyst_3750-e::::::::
	cpe:2.3:h:cisco:catalyst_3750-x::::::::
	cpe:2.3:h:cisco:catalyst_3750_metro::::::::
	cpe:2.3:h:cisco:catalyst_3750g::::::::

History

No history.

Information

Published : 2012-08-06 17:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-1338

Mitre link : CVE-2012-1338

CVE.ORG link : CVE-2012-1338

JSON object : View

Products Affected

cisco

ios
catalyst_3750
catalyst_3750-e
catalyst_3750-x
catalyst_3750g
catalyst_3560-x
catalyst_3750_metro
catalyst_3560
catalyst_3560-e

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2012-1338", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-06T17:55:00.697", "references": [{"url": "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1027349", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664."}, {"lang": "es", "value": "Cisco IOS v15.0 y v15.1 en el Catalyst 3560 y 3750 switches de la serie permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (recarga del dispositivo) al completar la autenticaci\u00f3n web local con rapidez, tambi\u00e9n conocido como Bug ID CSCts88664."}], "lastModified": "2013-04-02T03:16:11.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84"}, {"criteria": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB41294E-F3DF-4F1E-A4C8-E90B21A88836"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_3560:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83227C65-2708-4974-BDCE-07F9849CC921"}, {"criteria": "cpe:2.3:h:cisco:catalyst_3560-e:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84DD0996-8EF3-4845-8171-3053A4505213"}, {"criteria": "cpe:2.3:h:cisco:catalyst_3560-x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "838B730D-D40C-4CBA-ABCE-BD4F4478D75F"}, {"criteria": "cpe:2.3:h:cisco:catalyst_3750:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF73F5A9-F3FB-476D-8309-B1E1E485C44A"}, {"criteria": "cpe:2.3:h:cisco:catalyst_3750-e:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1D0458B-2B1B-4DAA-AB5D-BA95DFD058DA"}, {"criteria": "cpe:2.3:h:cisco:catalyst_3750-x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C022076A-05DE-4EAF-9CFE-CF9B99D1D08D"}, {"criteria": "cpe:2.3:h:cisco:catalyst_3750_metro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC517907-C094-4B7F-8073-480DE18CDD75"}, {"criteria": "cpe:2.3:h:cisco:catalyst_3750g:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EAB8765-659C-4A1D-ACA8-3323FA64CCEC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}