Details of VAR-201110-0152

ID

VAR-201110-0152

CVE

CVE-2011-2059

TITLE

Cisco IOS of ipv6 Vulnerabilities that induce fingerprinting attacks on components

Trust: 0.8

sources: JVNDB: JVNDB-2011-002599

DESCRIPTION

The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219. Cisco IOS is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information about the presence of the IOS operating system. Information obtained may aid in further attacks. This vulnerability is tracked by Cisco Bug ID CSCtq02219

Trust: 1.98

sources: NVD: CVE-2011-2059 // JVNDB: JVNDB-2011-002599 // BID: 50379 // VULHUB: VHN-50004

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	lt	version:	15.1\(4\)m1.3	Trust: 1.0
vendor:	cisco	model:	ios 15.1 s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios	scope:	lt	version:	15.1(4)m1.3	Trust: 0.8
vendor:	cisco	model:	ios 15.1 t4	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 t2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 t3	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1 t	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 15.1ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 xb5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m5a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0sa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios m	scope:	eq	version:	15.0	Trust: 0.3
vendor:	cisco	model:	ios 15.0 xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 t2a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 xa1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0se	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m1.3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1m	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0mra	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 xa5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 m2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	15.0	Trust: 0.3
vendor:	cisco	model:	ios 15.1 xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 s3a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 s4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0 m1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1gc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 0.3
vendor:	cisco	model:	ios 15.1 s1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1 s2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.0mr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.1s	scope:	-	version:	-	Trust: 0.3

sources: BID: 50379 // JVNDB: JVNDB-2011-002599 // NVD: CVE-2011-2059

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2059
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-2059
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201110-568
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-50004
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-2059
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-50004
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-50004 // JVNDB: JVNDB-2011-002599 // CNNVD: CNNVD-201110-568 // NVD: CVE-2011-2059

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-50004 // JVNDB: JVNDB-2011-002599 // NVD: CVE-2011-2059

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-568

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201110-568

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002599

PATCH

title:	IPS Signatures	url:	http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=36606&signatureSubId=0	Trust: 0.8
title:	VMSA-2012-0001	url:	http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0001.html	Trust: 0.8
title:	Cisco IOS ipv6 Fixes for component information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118224	Trust: 0.6

sources: JVNDB: JVNDB-2011-002599 // CNNVD: CNNVD-201110-568

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2059	Trust: 2.8
db:	JVNDB	id:	JVNDB-2011-002599	Trust: 0.8
db:	CNNVD	id:	CNNVD-201110-568	Trust: 0.7
db:	BID	id:	50379	Trust: 0.4
db:	VULHUB	id:	VHN-50004	Trust: 0.1

sources: VULHUB: VHN-50004 // BID: 50379 // JVNDB: JVNDB-2011-002599 // CNNVD: CNNVD-201110-568 // NVD: CVE-2011-2059

REFERENCES

url:	http://blogs.cisco.com/security/1999tcp-redux-the-ipv6-flavor	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewipssignature.x?signatureid=36606&signaturesubid=0	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2059	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2059	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewipssignature.x?signatureid=36606&signaturesubid=0	Trust: 0.1

sources: VULHUB: VHN-50004 // BID: 50379 // JVNDB: JVNDB-2011-002599 // CNNVD: CNNVD-201110-568 // NVD: CVE-2011-2059

CREDITS

Cisco

Trust: 0.3

sources: BID: 50379

SOURCES

db:	VULHUB	id:	VHN-50004
db:	BID	id:	50379
db:	JVNDB	id:	JVNDB-2011-002599
db:	CNNVD	id:	CNNVD-201110-568
db:	NVD	id:	CVE-2011-2059

LAST UPDATE DATE

2025-04-11T23:12:09.351000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-50004	date:	2020-05-11T00:00:00
db:	BID	id:	50379	date:	2011-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2011-002599	date:	2011-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201110-568	date:	2020-05-12T00:00:00
db:	NVD	id:	CVE-2011-2059	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-50004	date:	2011-10-22T00:00:00
db:	BID	id:	50379	date:	2011-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2011-002599	date:	2011-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201110-568	date:	2011-10-22T00:00:00
db:	NVD	id:	CVE-2011-2059	date:	2011-10-22T02:59:19.323