vulnerability CVE-2012-0387 CVE-2012-0388 CVE-2012-1310

Cisco IOS: memory free of Zone-Based Firewall

Synthesis of the vulnerability

An attacker can use four memory leaks of the Zone-Based Firewall feature, in order to create a denial of service.
Impacted products: Cisco Catalyst, IOS, Cisco Router xx00 Series.
Severity: 3/4.
Creation date: 29/03/2012.
Identifiers: BID-52753, cisco-sa-20120328-zbfw, CSCti46171, CSCto89536, CSCtq36153, CSCtq45553, CVE-2012-0387, CVE-2012-0388, CVE-2012-1310, CVE-2012-1315, VIGILANCE-VUL-11510.

Description of the vulnerability

The Zone-Based Firewall feature is used to create rules on zones where interfaces are located. However, four vulnerabilities were announced in ZFW.

Some IP packets generate a memory leak. [severity:3/4; CSCto89536, CVE-2012-1310]

An attacker can generate a memory leak during the HTTP inspection. [severity:3/4; CSCtq36153, CVE-2012-0387]

An attacker can generate a memory leak during the H.323 inspection. [severity:3/4; CSCtq45553, CVE-2012-0388]

An attacker can generate a memory leak during the SIP inspection. [severity:3/4; CSCti46171, CVE-2012-1315]

An attacker can therefore use four memory leaks of the Zone-Based Firewall feature, in order to create a denial of service.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

          

Computer vulnerabilities tracking service

Vigil@nce provides a systems vulnerabilities bulletin. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.