Vulnerability CVE-2011-3270


Published: 2011-10-03   Modified: 2012-02-13

Description:
Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453.

Type:

CWE-noinfo

Vendor: Cisco
Product: IOS 
Version:
15.0s
15.0(1)s2
15.0(1)s1
12.2sb
12.2(33)sb9
12.2(33)sb8a
12.2(33)sb8
12.2(33)sb7
12.2(33)sb6
12.2(33)sb5
12.2(33)sb4
12.2(33)sb3
12.2(33)sb2
12.2(33)sb1
12.2(33)sb
12.2(31)sb9
12.2(31)sb8
12.2(31)sb7
12.2(31)sb6
12.2(31)sb5
12.2(31)sb3x
12.2(31)sb3
12.2(31)sb21
12.2(31)sb20
12.2(31)sb2
12.2(31)sb19
12.2(31)sb18
12.2(31)sb17
12.2(31)sb16
12.2(31)sb15
12.2(31)sb14
12.2(31)sb13
12.2(31)sb12
12.2(31)sb11
12.2(31)sb10
12.2(28)sb9
12.2(28)sb8
12.2(28)sb7
12.2(28)sb6
12.2(28)sb5
12.2(28)sb4
12.2(28)sb3
12.2(28)sb2
12.2(28)sb13
12.2(28)sb12
12.2(28)sb11
12.2(28)sb10
12.2(28)sb1
12.2(28)sb
Product: 10008 router 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d50.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=24114

Related CVE
CVE-2018-0428
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerabili...
CVE-2018-0427
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-suppli...
CVE-2018-0419
A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper ...
CVE-2018-0418
A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device...
CVE-2018-0415
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticat...
CVE-2018-0412
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthentic...
CVE-2018-0410
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. T...
CVE-2018-0386
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input tha...

Copyright 2018, cxsecurity.com

 

Back to Top