CVE-2012-5032

Published: Apr 23, 2014Modified: May 6, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.

Affected (4)

Products: Cisco: Ios

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios	Up to 15.1\(1\)sy2
Cisco Ios	Version 15.1
Cisco Ios	Version 15.1(1)sy1
Cisco Ios	Version 15.1(1)sy

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf

Source: psirt@cisco.com

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.