Vulnerabilities > CVE-2012-0383 - Resource Management Errors vulnerability in Cisco IOS 12.4/15.0/15.1

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
cisco
CWE-399
nessus
NVD
Published: 2012-03-29
Updated: 2017-08-29

Summary

Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326.

Vulnerable Configurations

Part Description Count
OS
Cisco
3

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-20120328-NAT.NASL
descriptionThe Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service (DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability is caused when packets in transit on the vulnerable device require translation on the SIP payload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates the vulnerability is available.
last seen2019-10-28
modified2012-04-02
plugin id58569
published2012-04-02
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/58569
titleCisco IOS Software Network Address Translation Vulnerability (cisco-sa-20120328-nat)

References