Sign-up

ID

VAR-200511-0398


CVE

CVE-2005-3426


TITLE

Cisco 11500 Content Services Switch Malformed SSL Certificate Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2005-3511

DESCRIPTION

Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. This vulnerability only occurs if the CSS is configured to support SSL terminal services, and SSL terminal services are not configured by default. SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/en/US/products/products_security_advisory09186a008054bc9b.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20051019-css.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2005-3426 // CNVD: CNVD-2005-3511 // BID: 15144 // IVD: 7dd54d54-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-14635 // PACKETSTORM: 40807

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7dd54d54-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2005-3511

AFFECTED PRODUCTS

vendor:ciscomodel:content services switch 11500scope:eqversion:*

Trust: 1.0

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:ciscomodel:css11500 content services switch sscope:eqversion:7.30

Trust: 0.6

vendor:ciscomodel:css11500 content services switch sscope:eqversion:7.20

Trust: 0.6

vendor:ciscomodel:content services switch 11500scope: - version: -

Trust: 0.6

vendor:ciscomodel:css11500 content services switch sscope:eqversion:7.10

Trust: 0.3

vendor:ciscomodel:css11500 content services switchscope:eqversion:7.5

Trust: 0.3

vendor:ciscomodel:css11500 content services switchscope:eqversion:7.4

Trust: 0.3

vendor:content services switch 11500model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7dd54d54-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2005-3511 // BID: 15144 // CNNVD: CNNVD-200511-042 // NVD: CVE-2005-3426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-3426
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200511-042
value: MEDIUM

Trust: 0.6

IVD: 7dd54d54-2355-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-14635
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-3426
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IVD: 7dd54d54-2355-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-14635
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 7dd54d54-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-14635 // CNNVD: CNNVD-200511-042 // NVD: CVE-2005-3426

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-042

TYPE

other

Trust: 0.8

sources: IVD: 7dd54d54-2355-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200511-042

EXTERNAL IDS

db:NVDid:CVE-2005-3426

Trust: 2.5

db:BIDid:15144

Trust: 2.0

db:SECUNIAid:17260

Trust: 1.8

db:SREASONid:99

Trust: 1.7

db:SECTRACKid:1015081

Trust: 1.7

db:CNNVDid:CNNVD-200511-042

Trust: 0.9

db:CNVDid:CNVD-2005-3511

Trust: 0.8

db:CISCOid:20051019 CISCO 11500 CONTENT SERVICES SWITCH SSL MALFORMED CLIENT CERTIFICATE VULNERABILITY

Trust: 0.6

db:IVDid:7DD54D54-2355-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-14635

Trust: 0.1

db:PACKETSTORMid:40807

Trust: 0.1

sources: IVD: 7dd54d54-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2005-3511 // VULHUB: VHN-14635 // BID: 15144 // PACKETSTORM: 40807 // CNNVD: CNNVD-200511-042 // NVD: CVE-2005-3426

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20051019-css.shtml

Trust: 2.1

url:http://www.securityfocus.com/bid/15144

Trust: 1.7

url:http://securitytracker.com/id?1015081

Trust: 1.7

url:http://secunia.com/advisories/17260

Trust: 1.7

url:http://securityreason.com/securityalert/99

Trust: 1.7

url:http://www.cisco.com/en/us/products/hw/contnetw/ps792/index.html

Trust: 0.3

url:http://secunia.com/advisories/17260/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/5680/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.cisco.com/en/us/products/products_security_advisory09186a008054bc9b.shtml#software

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-14635 // BID: 15144 // PACKETSTORM: 40807 // CNNVD: CNNVD-200511-042 // NVD: CVE-2005-3426

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200511-042

SOURCES

db:IVDid:7dd54d54-2355-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2005-3511
db:VULHUBid:VHN-14635
db:BIDid:15144
db:PACKETSTORMid:40807
db:CNNVDid:CNNVD-200511-042
db:NVDid:CVE-2005-3426

LAST UPDATE DATE

2024-08-14T15:09:46.729000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2005-3511date:2005-10-20T00:00:00
db:VULHUBid:VHN-14635date:2008-09-05T00:00:00
db:BIDid:15144date:2005-10-19T00:00:00
db:CNNVDid:CNNVD-200511-042date:2005-11-15T00:00:00
db:NVDid:CVE-2005-3426date:2008-09-05T20:54:21.667

SOURCES RELEASE DATE

db:IVDid:7dd54d54-2355-11e6-abef-000c29c66e3ddate:2005-10-20T00:00:00
db:CNVDid:CNVD-2005-3511date:2005-10-20T00:00:00
db:VULHUBid:VHN-14635date:2005-11-02T00:00:00
db:BIDid:15144date:2005-10-19T00:00:00
db:PACKETSTORMid:40807date:2005-10-21T17:57:17
db:CNNVDid:CNNVD-200511-042date:2005-10-20T00:00:00
db:NVDid:CVE-2005-3426date:2005-11-02T00:02:00