Cisco IOS 12.x/15.x IKEv1 Feature IKE Packet cryptographic issue

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |

Summary
A vulnerability classified as problematic was found in Cisco IOS 12.x/15.x. It affects an unknown function of the IKEv1 Feature component. Manipulation as part of an IKE packet can lead to a cryptographic issue. The vulnerability is identified as CVE-2012-0381. There is no exploit available. Upgrading the affected component is advised.
Details
A vulnerability was found in Cisco IOS 12.x/15.x (Router Operating System). It has been declared as critical. This vulnerability affects an unknown function of the component IKEv1 Feature. The manipulation as part of an IKE packet leads to a cryptographic issue. The CWE definition for the vulnerability is CWE-310. The known impact is on availability. CVE summarizes:
The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.
The weakness was shared on 03/28/2012 with Cisco as confirmed advisory cisco-sa-20120328-ike (Website). The advisory is available for download at tools.cisco.com. This vulnerability has been named CVE-2012-0381 since 01/04/2012. Exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for successful exploitation. Neither technical details nor an exploit are publicly available. The MITRE ATT&CK project declares the attack technique as T1600.
The vulnerability scanner Nessus provides a plugin with the ID 58566 (Cisco IOS Internet Key Exchange Vulnerability (cisco-sa-20120328-ike)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 43232 (Cisco IOS Internet Key Exchange Vulnerability (cisco-sa-20120328-ike)).
Upgrading eliminates this vulnerability. Proper firewalling of udp/500, udp/848, udp/4500, udp/4848 is able to address this issue. Upgrading to the latest version is suggested as the best possible mitigation. A possible mitigation was published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (74427), Tenable (58566), SecurityFocus (BID 52757†), OSVDB (80700†) and Secunia (SA48605†). Additional details are provided at packetstormsecurity.org. The entries VDB-4979, VDB-4980, VDB-4981 and VDB-4982 are related to this item. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Website
- Vendor: https://www.cisco.com/
CVSSv3
VulDB Meta Base Score: 7.5
VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.5
VulDB Temp Score: 6.5
NVD Base Score: 7.5
Exploiting
Class: Cryptographic issue
CWE: CWE-310
Physical: No
Local: No
Remote: Yes
Status: Unproven
Nessus ID: 58566
Nessus Name: Cisco IOS Internet Key Exchange Vulnerability (cisco-sa-20120328-ike)
Countermeasures
Recommended: Upgrade
Timeline
01/04/2012
03/28/2012
03/28/2012
03/28/2012
03/28/2012
03/28/2012
03/29/2012
03/29/2012
03/30/2012
04/02/2012
04/02/2012
03/22/2021
Sources
Vendor: cisco.com
Advisory: cisco-sa-20120328-ike
Researcher: http://www.cisco.com
Organization: Cisco
Status: Confirmed
CVE: CVE-2012-0381
GCVE (CVE): GCVE-0-2012-0381
GCVE (VulDB): GCVE-100-4984
X-Force: 74427 - Cisco IOS IKE packet denial of service, Medium Risk
SecurityFocus: 52757 - Cisco Internet Key Exchange Denial of Service Vulnerability
Secunia: 48605 - Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability, Moderately Critical
OSVDB: 80700
SecurityTracker: 1026863 - Cisco IOS IKE Processing Flaw Lets Remote Users Deny Service
Vulnerability Center: 34754 - [cisco-sa-20120328-ike] Cisco IOS and IOS XE IKE Remote DoS via IKE UDP Packets Over IPv4 and IPv6, High
Entry
Created: 04/02/2012 22:40
Updated: 03/22/2021 12:18
Changes: 04/02/2012 22:40 (80), 04/10/2017 12:19 (10), 03/22/2021 12:12 (11), 03/22/2021 12:18 (1)