Improper input validation in Cisco IOS XE - CVE-2012-0385

Vulnerability identifier: #VU11759

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-0385

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco IOS XE

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the Smart Install feature due to improper input validation when processing a malformed Smart Install message on TCP port 4786. A remote attacker can cause the service to crash.

Update to versions 15.2(2)E, 15.2(1)EY, 15.2(1)E3, 15.2(1)E2, 15.2(1)E1, 15.2(1)E, 15.0(2)SE6, 15.0(2)SE5, 15.0(2)SE4, 15.0(2)SE2, 15.0(2)SE1, 15.0(2)SE, 15.0(2)EY2, 15.0(2)EY1, 15.0(2)EY, 15.0(2)EX5, 15.0(2)EX4, 15.0(2)EX3, 15.0(2)EX1, 15.0(2)EX, 15.0(2)EK1, 15.0(2)EK, 15.0(2)ED, 15.0(1)SE3, 15.0(1)SE2, 15.0(1)SE1, 12.2(60)EZ5, 12.2(60)EZ4, 12.2(60)EZ3, 12.2(60)EZ2, 12.2(60)EZ1, 12.2(60)EZ, 12.2(55)SE9, 12.2(55)SE8, 12.2(55)SE7, 12.2(55)SE6, 12.2(55)SE5, 16.1(0.14), 15.4(3)M, 15.4(2)T1, 15.4(2)T, 15.4(2)CG, 15.4(1)T2, 15.4(1)T1, 15.4(1)T, 15.4(1)CG1, 15.4(1)CG, 15.3(3)XB12, 15.3(3)M3, 15.3(3)M2, 15.3(3)M1, 15.3(3)M, 15.3(2)T4, 15.3(2)T3, 15.3(2)T2, 15.3(2)T1, 15.3(2)T, 15.3(1)T4, 15.3(1)T3, 15.3(1)T2, 15.3(1)T1, 15.3(1)T, 15.2(5.0)ST, 15.2(4)XB11, 15.2(4)M6b, 15.2(4)M6a, 15.2(4)M6, 15.2(4)M5, 15.2(4)M4, 15.2(4)M3, 15.2(4)M2, 15.2(4)M1, 15.2(4)JB6, 15.2(4)JB5m, 15.2(4)JB5, 15.2(4)JB4, 15.2(4)JB3s, 15.2(4)JB3b, 15.2(4)JB3a, 15.2(4)JB3, 15.2(4)JB1, 15.2(4)JB, 15.2(4)JAZ, 15.2(4)JA1, 15.2(4)JA, 15.2(4)GC2, 15.2(4)GC1, 15.2(4)GC, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(3)T4, 15.2(3)T3, 15.2(3)T2, 15.2(3)T1, 15.2(3)T, 15.2(3)GCA1, 15.2(3)GCA, 15.2(3)GC1, 15.2(3)GC, 15.2(3.30)PIP, 15.2(2)T4, 15.2(2)T3, 15.2(2)T1, 15.2(2)T0.2, 15.2(2)JB4, 15.2(2)GC, 15.2(2.14)PI19, 15.2(2.10)T, 15.2(2.9.5)PIH18, 15.2(1)T4, 15.2(1)T2, 15.2(1)T1.12, 15.2(1)GC2, 15.2(1)EX0.5, 15.1(4)XB7, 15.1(4)XB5a, 15.1(4)M9, 15.1(4)M8, 15.1(4)M7, 15.1(4)M6, 15.1(4)M5, 15.1(4)M4, 15.1(4)M3.2, 15.1(4)GC2, 15.1(4)GC1, 15.1(4)GC, 15.1(3)T4, 15.1(3)T3, 15.1(2)SY3, 15.1(2)SY2, 15.1(2)SY1, 15.1(2)SY, 15.1(2)STV11.1, 15.1(2)SIV11.7, 15.1(2)SG4, 15.1(2)SG3, 15.1(2)SG2, 15.1(2)SG1, 15.1(2)SG1.129, 15.1(2)SG, 15.1(1)SY3, 15.1(1)SY2, 15.1(1)SY1, 15.1(1)SY, 15.1(1)SG5.252, 15.1(1)SG5.251, 15.1(1)SG2, 15.1(1)SG2.1.1, 15.1(1)SG1, 15.1(1)SG, 15.1(1.5)SID, 15.1(1.4)DPB18, 15.1(0.9)SG3, 15.0(9.0)PKD, 15.0(7.1)EMW, 15.0(6.97)EMD, 15.0(2)SE3, 15.0(2)EZ, 15.0(2)EJ1, 15.0(2)EJ, 15.0(2)EH, 15.0(2)EC, 15.0(2)EB, 15.0(2)EA, 15.0(1)EY2, 12.2(58)EZ or 3.2(0)SE.

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-smartinstall