CVE-2012-3062 in IOS
Summary
by MITRE
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/11/2026
Cisco IOS versions prior to 15.1(1)SY contain a critical vulnerability in the Multicast Listener Discovery MLD snooping implementation that enables remote attackers to execute denial of service attacks through carefully crafted MLD packets. This vulnerability specifically affects devices configured with MLD snooping enabled, creating a condition where malicious actors can exploit the protocol handling mechanisms to consume excessive CPU resources or trigger device crashes. The flaw manifests when networks contain numerous IPv6 hosts, amplifying the impact of the attack vector. The vulnerability stems from inadequate input validation and processing of MLD packets within the IOS kernel, allowing malformed or specially constructed packets to cause the system to enter unstable states or consume disproportionate computational resources. This issue represents a classic example of a resource exhaustion attack that can be executed remotely without authentication, making it particularly dangerous in network environments where MLD snooping is enabled to optimize multicast traffic delivery. The vulnerability affects the core routing functionality of Cisco IOS devices and can impact network availability for legitimate users. According to CWE classification, this corresponds to CWE-400: Uncontrolled Resource Consumption, which encompasses various forms of resource exhaustion attacks. The attack pattern aligns with ATT&CK technique T1498.001: Network Denial of Service, specifically targeting network infrastructure components to disrupt service availability. The impact extends beyond simple CPU consumption to potentially causing complete device instability, as the system may crash or require manual intervention to recover from the resource exhaustion state. This vulnerability is particularly concerning in enterprise environments where multicast traffic optimization is critical for efficient network operations, as disabling MLD snooping to mitigate the issue would compromise network performance and multicast delivery efficiency. The flaw demonstrates a fundamental weakness in the IOS implementation of IPv6 multicast protocols, where the system fails to properly handle edge cases in MLD packet processing. Network administrators should prioritize updating affected devices to versions 15.1(1)SY or later, as these releases contain the necessary patches to address the MLD snooping vulnerability. The mitigation strategy involves not only software updates but also network monitoring to detect abnormal MLD packet patterns that could indicate exploitation attempts. Security teams should implement network segmentation and access controls to limit the exposure of vulnerable devices and establish baseline performance metrics to quickly identify when systems are under attack. The vulnerability also highlights the importance of proper protocol implementation testing, particularly for IPv6 multicast functionality, which remains a complex area requiring careful validation to prevent similar issues in other network infrastructure components.