CVE-2012-3923
First published: Sun Sep 16 2012(Updated: )
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =12.4 | |
| Cisco IOS | =15.0 | |
| Cisco IOS | =15.1 | |
| Cisco IOS | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-3923?
CVE-2012-3923 is classified as a denial of service vulnerability that can result in device crashes.
How do I fix CVE-2012-3923?
To address CVE-2012-3923, enable DTLS on the affected Cisco IOS versions or apply recommended patches from Cisco.
Which Cisco IOS versions are affected by CVE-2012-3923?
CVE-2012-3923 affects Cisco IOS versions 12.4, 15.0, 15.1, and 15.2.
What types of devices are impacted by CVE-2012-3923?
Devices using the SSLVPN implementation in the specified Cisco IOS versions are impacted by CVE-2012-3923.
Can remote authenticated users exploit CVE-2012-3923?
Yes, remote authenticated users can exploit CVE-2012-3923 through sessions involving PPP over ATM interfaces.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/12.4
- version/cisco ios/15.0
- version/cisco ios/15.1
- version/cisco ios/15.2