CVE-2012-5032
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.
La funcionalidad Flex-VPN load-balancing en la implementación ipsec-ikev2 en Cisco IOS anterior a 15.1(1)SY3 no requiere autenticación, lo que permite a atacantes remotos provocar el reenvío de trafico VPN hacia un destino controlado por el atacante, o el descarte de este trafico, mediante la organización de un dispositivo arbitrario como miembro de un cluster, también conocido como Bug ID CSCub93641.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-09-21 CVE Reserved
- 2014-04-23 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | <= 15.1\(1\)sy2 Search vendor "Cisco" for product "Ios" and version " <= 15.1\(1\)sy2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1 Search vendor "Cisco" for product "Ios" and version "15.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(1\)sy Search vendor "Cisco" for product "Ios" and version "15.1\(1\)sy" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(1\)sy1 Search vendor "Cisco" for product "Ios" and version "15.1\(1\)sy1" | - |
Affected
| ||||||