CVE-2012-5415 - Vulnerability Details - OpenCVE

Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	5500 Adaptive Security Appliance 5500 Series Adaptive Security Appliance Adaptive Security Appliance

Configuration 1 [-]

OR	cpe:2.3:h:cisco:5500_adaptive_security_appliance:7.2:2::::::
	cpe:2.3:h:cisco:5500_series_adaptive_security_appliance::::::::
	cpe:2.3:h:cisco:5500_series_adaptive_security_appliance:7.2:::::::*
	cpe:2.3:h:cisco:adaptive_security_appliance::::::::

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2013-04-16T10:00:00Z

Updated: 2024-09-17T01:05:51.612Z

Reserved: 2012-10-17T00:00:00Z

Link: CVE-2012-5415

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-04-16T14:04:30.890

Modified: 2024-11-21T01:44:40.197

Link: CVE-2012-5415

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-04-16T10:00:00Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20130411 Secondary Flows Lookup Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-5415", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130411 Secondary Flows Lookup Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.244Z"}, "title": "CVE Program Container", "references": [{"name": "20130411 Secondary Flows Lookup Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-5415", "datePublished": "2013-04-16T10:00:00Z", "dateReserved": "2012-10-17T00:00:00Z", "dateUpdated": "2024-09-17T01:05:51.612Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:5500_adaptive_security_appliance:7.2:2:*:*:*:*:*:*", "matchCriteriaId": "E6C12A16-35D2-450F-8F12-D41D1B3C456B", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:5500_series_adaptive_security_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB79D96-75EA-4B4F-99A7-9AB4158B7301", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:5500_series_adaptive_security_appliance:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BF0ADD1-FE8E-4619-86DD-F86C52E5FB82", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D80DB80-F243-469B-993F-E368B092B3C5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272."}, {"lang": "es", "value": "Condici\u00f3n de carrera en dispositivos Cisco Adaptive Security Appliances (ASA) permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo CPU o reinicio del dispositivo) mediante el establecimiento de m\u00faltiples conexiones, dando lugar a una incorrecta gestion de las b\u00fasquedas para flujos secundarios, tambi\u00e9n conocido como Bug IDs CSCue31622 and CSCuc71272."}], "id": "CVE-2012-5415", "lastModified": "2024-11-21T01:44:40.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-16T14:04:30.890", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5415"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}