Details of VAR-201205-0331

ID

VAR-201205-0331

CVE

CVE-2011-4231

TITLE

Cisco IOS and IOS XE Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-002228

DESCRIPTION

Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. IOS XE is prone to a denial-of-service vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. The vulnerability is caused by configuring as an IPsec hub with X.509 certificates

Trust: 2.07

sources: NVD: CVE-2011-4231 // JVNDB: JVNDB-2012-002228 // BID: 78402 // VULHUB: VHN-52176 // VULMON: CVE-2011-4231

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 2.1
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 2.1
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.0sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.1sg	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.4s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.x	Trust: 0.8
vendor:	cisco	model:	ios xe 3.4.1s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4.0s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.4.0as	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3.3s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3.1s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.3.0s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2.1s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.2.0s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1.4s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1.3s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1.1sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1.1s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1.0sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe 3.1.0s	scope:	-	version:	-	Trust: 0.3

sources: BID: 78402 // JVNDB: JVNDB-2012-002228 // CNNVD: CNNVD-201205-069 // NVD: CVE-2011-4231

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4231
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4231
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201205-069
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-52176
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2011-4231
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4231
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-52176
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-52176 // VULMON: CVE-2011-4231 // JVNDB: JVNDB-2012-002228 // CNNVD: CNNVD-201205-069 // NVD: CVE-2011-4231

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-52176 // JVNDB: JVNDB-2012-002228 // NVD: CVE-2011-4231

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-069

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201205-069

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002228

PATCH

title:	Release 15.1(4)M Caveats	url:	http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html	Trust: 0.8
title:	Release 3.4S Caveats	url:	http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_caveats_34s.html	Trust: 0.8

sources: JVNDB: JVNDB-2012-002228

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4231	Trust: 2.9
db:	JVNDB	id:	JVNDB-2012-002228	Trust: 0.8
db:	CNNVD	id:	CNNVD-201205-069	Trust: 0.6
db:	BID	id:	78402	Trust: 0.5
db:	VULHUB	id:	VHN-52176	Trust: 0.1
db:	VULMON	id:	CVE-2011-4231	Trust: 0.1

sources: VULHUB: VHN-52176 // VULMON: CVE-2011-4231 // BID: 78402 // JVNDB: JVNDB-2012-002228 // CNNVD: CNNVD-201205-069 // NVD: CVE-2011-4231

REFERENCES

url:	http://www.cisco.com/en/us/docs/ios/15_1/release/notes/151-4mcavs.html	Trust: 2.1
url:	http://www.cisco.com/en/us/docs/ios/ios_xe/3/release/notes/asr1k_caveats_34s.html	Trust: 2.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4231	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4231	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/78402	Trust: 0.1

sources: VULHUB: VHN-52176 // VULMON: CVE-2011-4231 // BID: 78402 // JVNDB: JVNDB-2012-002228 // CNNVD: CNNVD-201205-069 // NVD: CVE-2011-4231

CREDITS

Unknown

Trust: 0.3

sources: BID: 78402

SOURCES

db:	VULHUB	id:	VHN-52176
db:	VULMON	id:	CVE-2011-4231
db:	BID	id:	78402
db:	JVNDB	id:	JVNDB-2012-002228
db:	CNNVD	id:	CNNVD-201205-069
db:	NVD	id:	CVE-2011-4231

LAST UPDATE DATE

2024-11-23T22:46:17.546000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-52176	date:	2012-05-11T00:00:00
db:	VULMON	id:	CVE-2011-4231	date:	2012-05-11T00:00:00
db:	BID	id:	78402	date:	2012-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2012-002228	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-069	date:	2012-05-04T00:00:00
db:	NVD	id:	CVE-2011-4231	date:	2024-11-21T01:32:03.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-52176	date:	2012-05-03T00:00:00
db:	VULMON	id:	CVE-2011-4231	date:	2012-05-03T00:00:00
db:	BID	id:	78402	date:	2012-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2012-002228	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-069	date:	2012-05-04T00:00:00
db:	NVD	id:	CVE-2011-4231	date:	2012-05-03T10:11:39.687