Vulnerabilities > CVE-2012-1312 - Resource Management Errors vulnerability in Cisco IOS 15.1/15.2

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
cisco
CWE-399
nessus

Summary

The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.

Vulnerable Configurations

Part Description Count
OS
Cisco
2

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-20120328-MACE.NASL
descriptionThe version of Cisco IOS installed on the remote device is affected by multiple denial of service vulnerabilities due to message parsing flaws related to the Wide Area Application Services (WAAS) Express feature and the Measurement, Aggregation, and Correlation Engine (MACE) feature. A remote, unauthenticated attacker can exploit these flaws, via crafted requests, to cause a device reload or consumption of memory, resulting in a denial of service condition.
last seen2019-10-28
modified2012-04-02
plugin id58567
published2012-04-02
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/58567
titleCisco IOS Software Traffic Optimization Features Multiple DoS