CVE-2012-1338

Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.

CVSS v2.0 6.3 MEDIUM

6.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:N/A:C

Exploitability : 6.8 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html	Vendor Advisory
http://www.securitytracker.com/id?1027349

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:ios:15.1:::::::*
	cpe:2.3:o:cisco:ios:15.0:::::::*

OR	cpe:2.3:h:cisco:catalyst_3750-x::::::::
	cpe:2.3:h:cisco:catalyst_3750-e::::::::
	cpe:2.3:h:cisco:catalyst_3750_metro::::::::
	cpe:2.3:h:cisco:catalyst_3750g::::::::
	cpe:2.3:h:cisco:catalyst_3560::::::::
	cpe:2.3:h:cisco:catalyst_3560-x::::::::
	cpe:2.3:h:cisco:catalyst_3560-e::::::::
	cpe:2.3:h:cisco:catalyst_3750::::::::

Information

Published : 2012-08-06 10:55

Updated : 2013-04-01 20:16

NVD link : CVE-2012-1338

Mitre link : CVE-2012-1338

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Products Affected

cisco

catalyst_3750
catalyst_3560
catalyst_3750_metro
catalyst_3750g
catalyst_3750-e
catalyst_3560-e
catalyst_3560-x
catalyst_3750-x
ios

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html", "name": "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1027349", "name": "1027349", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-362"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1338", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-08-06T17:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3750-x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3750-e:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3750_metro:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3750g:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3560:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3560-x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3560-e:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_3750:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-04-02T03:16Z"}

6.3 /10