CVE-2011-1625

Current Description

Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629.

Basic Data

PublishedAugust 18, 2011
Last ModifiedMarch 15, 2012
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-362
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:H/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityHIGH
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score5.4
SeverityMEDIUM
Exploitability Score4.9
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCiscoIos12.2*******
    2.3OSCiscoIos12.3*******
    2.3OSCiscoIos12.4*******
    2.3OSCiscoIos15.0*******
    2.3OSCiscoIos15.1*******

Vulnerable Software List

VendorProductVersions
Cisco Ios 12.2, 12.3, 12.4, 15.0, 15.1

References

NameSourceURLTags
http://www.cisco.com/en/US/docs/cable/cmts/release/notes/12_2sc/uBR7200/122_33_SCF/caveats.htmlhttp://www.cisco.com/en/US/docs/cable/cmts/release/notes/12_2sc/uBR7200/122_33_SCF/caveats.htmlCONFIRM