Sign-up

ID

VAR-201709-0004


CVE

CVE-2011-4667


TITLE

Cisco IOS and NX-OS Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-005405

DESCRIPTION

The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. Cisco IOS and NX-OS Contains a cryptographic vulnerability.Information may be obtained. are products of Cisco. DS9222iMultiserviceModularSwitch is a switch device. Encrypted inventory in several Cisco products is in an information disclosure vulnerability. A remote attacker could exploit this vulnerability to obtain unencrypted packets

Trust: 2.25

sources: NVD: CVE-2011-4667 // JVNDB: JVNDB-2011-005405 // CNVD: CNVD-2017-33214 // VULHUB: VHN-52612

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33214

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:5.0\(5\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sxj

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)t1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sxi

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios softwarescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-33214 // JVNDB: JVNDB-2011-005405 // CNNVD: CNNVD-201709-1166 // NVD: CVE-2011-4667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4667
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4667
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33214
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-1166
value: MEDIUM

Trust: 0.6

VULHUB: VHN-52612
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4667
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33214
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-52612
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2011-4667
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-33214 // VULHUB: VHN-52612 // JVNDB: JVNDB-2011-005405 // CNNVD: CNNVD-201709-1166 // NVD: CVE-2011-4667

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-52612 // JVNDB: JVNDB-2011-005405 // NVD: CVE-2011-4667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1166

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-1166

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-005405

PATCH
title:Release Notes for Cisco IOS Release 12.2SXurl:https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/caveats_SXI_rebuilds.html
Trust: 0.8
title:Cisco-SA-20120913-CVE-2011-4667url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120913-CVE-2011-4667
Trust: 0.8
title:Patch for Multiple Cisco Product Information Disclosure Vulnerabilities (CNVD-2017-33214)url:https://www.cnvd.org.cn/patchInfo/show/105709
Trust: 0.6
title:Multiple Cisco Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75114
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33214 // 
            
            
            
            JVNDB: JVNDB-2011-005405 // 
            
            
            
            CNNVD: CNNVD-201709-1166

EXTERNAL IDS
db:NVDid:CVE-2011-4667
Trust: 3.1
db:JVNDBid:JVNDB-2011-005405
Trust: 0.8
db:CNNVDid:CNNVD-201709-1166
Trust: 0.7
db:CNVDid:CNVD-2017-33214
Trust: 0.6
db:VULHUBid:VHN-52612
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33214 // 
            
            
            
            VULHUB: VHN-52612 // 
            
            
            
            JVNDB: JVNDB-2011-005405 // 
            
            
            
            CNNVD: CNNVD-201709-1166 // 
            
            
            
            NVD: CVE-2011-4667

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20120913-cve-2011-4667
Trust: 2.3
url:https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2sx/release/notes/ol_14271/caveats_sxi_rebuilds.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4667
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2011-4667
Trust: 0.8
url:http://cve.killedkenny.io/cve/cve-2011-4667
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33214 // 
            
            
            
            VULHUB: VHN-52612 // 
            
            
            
            JVNDB: JVNDB-2011-005405 // 
            
            
            
            CNNVD: CNNVD-201709-1166 // 
            
            
            
            NVD: CVE-2011-4667

SOURCES
db:CNVDid:CNVD-2017-33214
db:VULHUBid:VHN-52612
db:JVNDBid:JVNDB-2011-005405
db:CNNVDid:CNNVD-201709-1166
db:NVDid:CVE-2011-4667

LAST UPDATE DATE
2024-08-14T15:18:38.691000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33214date:2017-11-09T00:00:00
db:VULHUBid:VHN-52612date:2017-10-06T00:00:00
db:JVNDBid:JVNDB-2011-005405date:2017-10-20T00:00:00
db:CNNVDid:CNNVD-201709-1166date:2017-09-29T00:00:00
db:NVDid:CVE-2011-4667date:2017-10-06T17:30:00.557

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33214date:2017-11-09T00:00:00
db:VULHUBid:VHN-52612date:2017-09-25T00:00:00
db:JVNDBid:JVNDB-2011-005405date:2017-10-20T00:00:00
db:CNNVDid:CNNVD-201709-1166date:2017-09-29T00:00:00
db:NVDid:CVE-2011-4667date:2017-09-25T21:29:00.180