Sign-up

ID

VAR-201101-0322


CVE

CVE-2010-4685


TITLE

Cisco IOS Vulnerabilities that can be bypassed by certificate maps

Trust: 0.8

sources: JVNDB: JVNDB-2011-001128

DESCRIPTION

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. Cisco IOS is prone to multiple denial-of-service vulnerabilities and a security-bypass vulnerability. Exploiting these issues can allow attackers to bypass certain security restrictions or to cause denial-of-service conditions. Versions prior to Cisco IOS 15.0(1)XA1 are vulnerable. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 RELEASE DATE: 2011-01-18 DISCUSS ADVISORY: http://secunia.com/advisories/42917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload. 2) An error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device. 3) A memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet. This can be exploited to reconnect and bypass the certificate ban. 5) A memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-4685 // JVNDB: JVNDB-2011-001128 // BID: 45769 // VULHUB: VHN-47290 // PACKETSTORM: 97604

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:ltversion:15.0\(1\)xa1

Trust: 1.0

vendor:ciscomodel:iosscope:ltversion:15.0 (1)xa1

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:12.2scd

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2xs

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2xq

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2sva

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2srd

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2mrb

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2src

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2xn

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2ste

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.2xr

Trust: 0.6

vendor:ciscomodel:ios 15.0 xascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios mscope:eqversion:15.0

Trust: 0.3

vendor:ciscomodel:ios 15.0 xa1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:15.0

Trust: 0.3

vendor:ciscomodel:ios 15.0 m1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0 m2scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 15.0 m3scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios m3scope:eqversion:15.0

Trust: 0.3

sources: BID: 45769 // JVNDB: JVNDB-2011-001128 // CNNVD: CNNVD-201101-063 // NVD: CVE-2010-4685

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4685
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-4685
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201101-063
value: MEDIUM

Trust: 0.6

VULHUB: VHN-47290
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4685
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-47290
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-47290 // JVNDB: JVNDB-2011-001128 // CNNVD: CNNVD-201101-063 // NVD: CVE-2010-4685

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-47290 // JVNDB: JVNDB-2011-001128 // NVD: CVE-2010-4685

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201101-063

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201101-063

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-001128

PATCH
title:22291url:http://tools.cisco.com/security/center/viewAlert.x?alertId=22291
Trust: 0.8
title:Release Notes for Cisco 800 Series Routers with Cisco IOS Release 15.0(1)XAurl:http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf
Trust: 0.8
title:Cisco IOS XA1 Certificate Disabled Bypass Vulnerability Repair Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119055
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2011-001128 // 
            
            
            
            CNNVD: CNNVD-201101-063

EXTERNAL IDS
db:NVDid:CVE-2010-4685
Trust: 2.8
db:BIDid:45769
Trust: 2.8
db:SECUNIAid:42917
Trust: 0.9
db:VUPENid:ADV-2011-0129
Trust: 0.8
db:XFid:64586
Trust: 0.8
db:JVNDBid:JVNDB-2011-001128
Trust: 0.8
db:CNNVDid:CNNVD-201101-063
Trust: 0.7
db:VULHUBid:VHN-47290
Trust: 0.1
db:PACKETSTORMid:97604
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47290 // 
            
            
            
            BID: 45769 // 
            
            
            
            JVNDB: JVNDB-2011-001128 // 
            
            
            
            PACKETSTORM: 97604 // 
            
            
            
            CNNVD: CNNVD-201101-063 // 
            
            
            
            NVD: CVE-2010-4685

REFERENCES
url:http://www.securityfocus.com/bid/45769
Trust: 2.5
url:http://www.cisco.com/en/us/docs/ios/15_0/15_0x/15_01_xa/rn800xa.pdf
Trust: 2.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/64586
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4685
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/64586
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4685
Trust: 0.8
url:http://secunia.com/advisories/42917
Trust: 0.8
url:http://www.vupen.com/english/advisories/2011/0129
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42917
Trust: 0.1
url:http://secunia.com/products/corporate/vim/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/42917/#comments
Trust: 0.1
url:http://secunia.com/advisories/42917/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47290 // 
            
            
            
            BID: 45769 // 
            
            
            
            JVNDB: JVNDB-2011-001128 // 
            
            
            
            PACKETSTORM: 97604 // 
            
            
            
            CNNVD: CNNVD-201101-063 // 
            
            
            
            NVD: CVE-2010-4685

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 45769

SOURCES
db:VULHUBid:VHN-47290
db:BIDid:45769
db:JVNDBid:JVNDB-2011-001128
db:PACKETSTORMid:97604
db:CNNVDid:CNNVD-201101-063
db:NVDid:CVE-2010-4685

LAST UPDATE DATE
2025-04-11T22:50:18.084000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-47290date:2020-05-19T00:00:00
db:BIDid:45769date:2011-01-11T00:00:00
db:JVNDBid:JVNDB-2011-001128date:2011-02-25T00:00:00
db:CNNVDid:CNNVD-201101-063date:2020-05-20T00:00:00
db:NVDid:CVE-2010-4685date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-47290date:2011-01-07T00:00:00
db:BIDid:45769date:2011-01-11T00:00:00
db:JVNDBid:JVNDB-2011-001128date:2011-02-25T00:00:00
db:PACKETSTORMid:97604date:2011-01-18T10:42:38
db:CNNVDid:CNNVD-201101-063date:2011-01-10T00:00:00
db:NVDid:CVE-2010-4685date:2011-01-07T19:00:20.610