CVE-2012-0382
high
CVSS v3
7.5
CVSS v2
7.8
VIR risk
7.5
Description
The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857.
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-msdp
References
- http://osvdb.org/80693
- http://secunia.com/advisories/48630
- http://secunia.com/advisories/48633
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-msdp
- http://www.securityfocus.com/bid/52759
- http://www.securitytracker.com/id?1026868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74431
- http://osvdb.org/80693
- http://secunia.com/advisories/48630
- http://secunia.com/advisories/48633
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-msdp
- http://www.securityfocus.com/bid/52759
- http://www.securitytracker.com/id?1026868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74431
CWEs
CWE-400
Verify integrity in audit chain (admin only). AS-IS.