Details of VAR-201101-0321

ID

VAR-201101-0321

CVE

CVE-2010-4684

TITLE

Cisco IOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-001127

DESCRIPTION

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Trust: 1.98

sources: NVD: CVE-2010-4684 // JVNDB: JVNDB-2011-001127 // BID: 45769 // VULHUB: VHN-47289

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	lt	version:	15.0\(1\)xa1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	lt	version:	15.0 (1)xa1	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(13\)	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(13\)ew	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(12c\)ec	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(13\)ea1c	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(12c\)e7	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(13\)ea1	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(13\)e17	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(12c\)ev01	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(13\)e7	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1\(12b\)	Trust: 0.6
vendor:	cisco	model:	ios 15.0 xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios m	scope:	eq	version:	15.0	Trust: 0.3
vendor:	cisco	model:	ios 15.0 xa1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios m3	scope:	eq	version:	15.0	Trust: 0.3

sources: BID: 45769 // JVNDB: JVNDB-2011-001127 // CNNVD: CNNVD-201101-062 // NVD: CVE-2010-4684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4684
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-4684
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201101-062
value:	HIGH
Trust: 0.6
VULHUB:	VHN-47289
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-4684
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-47289
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-47289 // JVNDB: JVNDB-2011-001127 // CNNVD: CNNVD-201101-062 // NVD: CVE-2010-4684

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-47289 // JVNDB: JVNDB-2011-001127 // NVD: CVE-2010-4684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201101-062

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201101-062

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001127

PATCH

title:	22291	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=22291	Trust: 0.8
title:	Release Notes for Cisco 800 Series Routers with Cisco IOS Release 15.0(1)XA	url:	http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf	Trust: 0.8
title:	Cisco IOS XA5 TFTP Fixing measures for copy denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118982	Trust: 0.6

sources: JVNDB: JVNDB-2011-001127 // CNNVD: CNNVD-201101-062

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4684	Trust: 2.8
db:	BID	id:	45769	Trust: 2.8
db:	XF	id:	64587	Trust: 0.8
db:	VUPEN	id:	ADV-2011-0129	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-001127	Trust: 0.8
db:	CNNVD	id:	CNNVD-201101-062	Trust: 0.7
db:	VULHUB	id:	VHN-47289	Trust: 0.1

sources: VULHUB: VHN-47289 // BID: 45769 // JVNDB: JVNDB-2011-001127 // CNNVD: CNNVD-201101-062 // NVD: CVE-2010-4684

REFERENCES

url:	http://www.securityfocus.com/bid/45769	Trust: 2.5
url:	http://www.cisco.com/en/us/docs/ios/15_0/15_0x/15_01_xa/rn800xa.pdf	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/64587	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4684	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/64587	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4684	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/0129	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-47289 // BID: 45769 // JVNDB: JVNDB-2011-001127 // CNNVD: CNNVD-201101-062 // NVD: CVE-2010-4684

CREDITS

Cisco

Trust: 0.3

sources: BID: 45769

SOURCES

db:	VULHUB	id:	VHN-47289
db:	BID	id:	45769
db:	JVNDB	id:	JVNDB-2011-001127
db:	CNNVD	id:	CNNVD-201101-062
db:	NVD	id:	CVE-2010-4684

LAST UPDATE DATE

2025-04-11T22:50:18.241000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-47289	date:	2020-05-18T00:00:00
db:	BID	id:	45769	date:	2011-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2011-001127	date:	2011-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201101-062	date:	2020-05-19T00:00:00
db:	NVD	id:	CVE-2010-4684	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-47289	date:	2011-01-07T00:00:00
db:	BID	id:	45769	date:	2011-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2011-001127	date:	2011-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201101-062	date:	2011-01-10T00:00:00
db:	NVD	id:	CVE-2010-4684	date:	2011-01-07T19:00:20.547