CVE-2012-1367

Name: CVE-2012-1367
Creator: NVD / NIST
Published: 2012-08-06T15:55:01.243+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.80%

Last modified Jun 16, 2026

CVE-2012-1367 is a vulnerability of currently unknown severity. The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538.. EPSS estimates a 1.80% chance of exploitation in the next 30 days.

Description

The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538.

Metrics

EPSS Probability

1.80%

75.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Cisco	Ios	12.0
Cisco	Ios	12.2
Cisco	Ios	15.0
Cisco	Ios	15.1
Cisco	Ios	15.2

References

http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.htmlExploit, Vendor Advisory
http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.htmlExploit, Vendor Advisory

Timeline

Published: Aug 6, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-1367?

How severe is CVE-2012-1367?

Severity scoring for CVE-2012-1367 is pending analysis. The EPSS model estimates a 1.80% probability of exploitation in the next 30 days.

How do I fix CVE-2012-1367?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-1367?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST