Buffer Overflow in Cisco Port Forwarder ActiveX Control on Cisco ASA 5500 Devices
CVE-2012-0358

Currently unrated

Key Information:

Vendor: Cisco
Status: Adaptive Security Appliance Software; 5500 Series Adaptive Security Appliance
Vendor: CVE Published:; 15 March 2012

Summary

A buffer overflow issue exists in the Cisco Port Forwarder ActiveX control in cscopf.ocx, utilized through the Clientless VPN feature on affected Cisco ASA 5500 series devices. This vulnerability is exploitable by remote attackers, potentially allowing them to execute arbitrary code, thereby compromising the integrity and security of the network.

References

http://www.kb.cert.org/vuls/id/339177

third-party-advisoryx_refsource_CERT-VN

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/74027

vdb-entryx_refsource_XF

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 15, 2012
Vulnerability Reserved
Jan 4, 2012