Vulnerability CVE-2011-3270


Published: 2011-10-03   Modified: 2012-02-13

Description:
Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453.

Type:

CWE-noinfo

Vendor: Cisco
Product: IOS 
Version:
15.0s
15.0(1)s2
15.0(1)s1
12.2sb
12.2(33)sb9
12.2(33)sb8a
12.2(33)sb8
12.2(33)sb7
12.2(33)sb6
12.2(33)sb5
12.2(33)sb4
12.2(33)sb3
12.2(33)sb2
12.2(33)sb1
12.2(33)sb
12.2(31)sb9
12.2(31)sb8
12.2(31)sb7
12.2(31)sb6
12.2(31)sb5
12.2(31)sb3x
12.2(31)sb3
12.2(31)sb21
12.2(31)sb20
12.2(31)sb2
12.2(31)sb19
12.2(31)sb18
12.2(31)sb17
12.2(31)sb16
12.2(31)sb15
12.2(31)sb14
12.2(31)sb13
12.2(31)sb12
12.2(31)sb11
12.2(31)sb10
12.2(28)sb9
12.2(28)sb8
12.2(28)sb7
12.2(28)sb6
12.2(28)sb5
12.2(28)sb4
12.2(28)sb3
12.2(28)sb2
12.2(28)sb13
12.2(28)sb12
12.2(28)sb11
12.2(28)sb10
12.2(28)sb1
12.2(28)sb
Product: 10008 router 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d50.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=24114

Related CVE
CVE-2018-0225
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.
CVE-2018-0355
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability...
CVE-2018-0352
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with ...
CVE-2018-0340
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected ...
CVE-2018-0339
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability ...
CVE-2018-0338
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affec...
CVE-2018-0336
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforc...
CVE-2018-0335
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker...

Copyright 2018, cxsecurity.com

 

Back to Top