Details of VAR-201205-0204

ID

VAR-201205-0204

CVE

CVE-2011-3283

TITLE

Cisco Carrier Routing System Service disruption in ( Metro subsystem crash ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-002212

DESCRIPTION

Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887. The Cisco Carrier Routing System is a carrier-grade routing system. The system refuses service due to a special GRE packet fragmentation message. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCts14887

Trust: 2.52

sources: NVD: CVE-2011-3283 // JVNDB: JVNDB-2012-002212 // CNVD: CNVD-2012-2383 // BID: 55109 // VULHUB: VHN-51228

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-2383

AFFECTED PRODUCTS

vendor:	cisco	model:	carrier routing system	scope:	eq	version:	3.9.1	Trust: 3.3
vendor:	cisco	model:	carrier routing system	scope:	ne	version:	3.9.2	Trust: 0.3

sources: CNVD: CNVD-2012-2383 // BID: 55109 // JVNDB: JVNDB-2012-002212 // CNNVD: CNNVD-201205-034 // NVD: CVE-2011-3283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3283
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-3283
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201205-034
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51228
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-3283
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-51228
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51228 // JVNDB: JVNDB-2012-002212 // CNNVD: CNNVD-201205-034 // NVD: CVE-2011-3283

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-51228 // JVNDB: JVNDB-2012-002212 // NVD: CVE-2011-3283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-034

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201205-034

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002212

PATCH

title:	Download Software / hfr-lc-3.9.1.CSCts14887.tar	url:	http://www.cisco.com/cisco/software/release.html?mdfid=280777815&softwareid=280867577&release=3.9.1	Trust: 0.8
title:	Cisco Carrier Routing System Special GRE Packet Fragment Packet Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/16751	Trust: 0.6

sources: CNVD: CNVD-2012-2383 // JVNDB: JVNDB-2012-002212

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3283	Trust: 3.4
db:	SECTRACK	id:	1027006	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-002212	Trust: 0.8
db:	CNNVD	id:	CNNVD-201205-034	Trust: 0.7
db:	CNVD	id:	CNVD-2012-2383	Trust: 0.6
db:	NSFOCUS	id:	19632	Trust: 0.6
db:	BID	id:	55109	Trust: 0.4
db:	VULHUB	id:	VHN-51228	Trust: 0.1

sources: CNVD: CNVD-2012-2383 // VULHUB: VHN-51228 // BID: 55109 // JVNDB: JVNDB-2012-002212 // CNNVD: CNNVD-201205-034 // NVD: CVE-2011-3283

REFERENCES

url:	http://www.cisco.com/cisco/software/release.html?mdfid=280777815&softwareid=280867577&release=3.9.1	Trust: 1.6
url:	http://www.securitytracker.com/id?1027006	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/75341	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3283	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3283	Trust: 0.8
url:	http://www.cisco.com/cisco/software/release.html?mdfid=280777815	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/19632	Trust: 0.6
url:	http://www.cisco.com/cisco/software/release.html?mdfid=279506669&catid=268437899&flowid=1915&reltype=all&relind=available&release=3.9.2&softwareid=280867577	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps5763/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/cisco/software/release.html?mdfid=280777815&softwareid=280867577&release=3.9.1	Trust: 0.1

sources: CNVD: CNVD-2012-2383 // VULHUB: VHN-51228 // BID: 55109 // JVNDB: JVNDB-2012-002212 // CNNVD: CNNVD-201205-034 // NVD: CVE-2011-3283

CREDITS

Cisco

Trust: 0.3

sources: BID: 55109

SOURCES

db:	CNVD	id:	CNVD-2012-2383
db:	VULHUB	id:	VHN-51228
db:	BID	id:	55109
db:	JVNDB	id:	JVNDB-2012-002212
db:	CNNVD	id:	CNNVD-201205-034
db:	NVD	id:	CVE-2011-3283

LAST UPDATE DATE

2025-04-11T22:49:39.486000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-2383	date:	2012-05-09T00:00:00
db:	VULHUB	id:	VHN-51228	date:	2017-12-07T00:00:00
db:	BID	id:	55109	date:	2012-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2012-002212	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-034	date:	2012-05-03T00:00:00
db:	NVD	id:	CVE-2011-3283	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-2383	date:	2012-05-09T00:00:00
db:	VULHUB	id:	VHN-51228	date:	2012-05-02T00:00:00
db:	BID	id:	55109	date:	2012-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2012-002212	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-034	date:	2012-05-03T00:00:00
db:	NVD	id:	CVE-2011-3283	date:	2012-05-02T10:09:21.270