Details of VAR-202002-0085

ID

VAR-202002-0085

CVE

CVE-2011-4661

TITLE

Cisco IOS Vulnerability regarding lack of resource release after valid lifetime in

Trust: 0.8

sources: JVNDB: JVNDB-2011-005621

DESCRIPTION

A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured. Cisco IOS Is vulnerable to a lack of resource release after a valid lifetime.Service operation interruption (DoS) It may be put into a state. Cisco IOS is an operating system developed by Cisco for its network equipment. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.8

sources: NVD: CVE-2011-4661 // JVNDB: JVNDB-2011-005621 // VULHUB: VHN-52606 // VULMON: CVE-2011-4661

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	lt	version:	15.2\(1\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2(1)t	Trust: 0.8

sources: JVNDB: JVNDB-2011-005621 // NVD: CVE-2011-4661

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4661
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2011-005621
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202002-694
value:	HIGH
Trust: 0.6
VULHUB:	VHN-52606
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2011-4661
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4661
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2011-005621
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-52606
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2011-4661
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2011-005621
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-52606 // VULMON: CVE-2011-4661 // JVNDB: JVNDB-2011-005621 // CNNVD: CNNVD-202002-694 // NVD: CVE-2011-4661

PROBLEMTYPE DATA

problemtype:

CWE-772

Trust: 1.9

sources: VULHUB: VHN-52606 // JVNDB: JVNDB-2011-005621 // NVD: CVE-2011-4661

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-694

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202002-694

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005621

PATCH

title:	Cross-Platform Release Notes for Cisco IOS Release 15.2M&T	url:	https://www.cisco.com/c/en/us/td/docs/ios/15_2m_and_t/release/notes/15_2m_and_t/152-1TCAVS.html	Trust: 0.8
title:	Cisco IOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110924	Trust: 0.6

sources: JVNDB: JVNDB-2011-005621 // CNNVD: CNNVD-202002-694

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4661	Trust: 2.6
db:	JVNDB	id:	JVNDB-2011-005621	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-694	Trust: 0.7
db:	VULHUB	id:	VHN-52606	Trust: 0.1
db:	VULMON	id:	CVE-2011-4661	Trust: 0.1

sources: VULHUB: VHN-52606 // VULMON: CVE-2011-4661 // JVNDB: JVNDB-2011-005621 // CNNVD: CNNVD-202002-694 // NVD: CVE-2011-4661

REFERENCES

url:	https://www.cisco.com/c/en/us/td/docs/ios/15_2m_and_t/release/notes/15_2m_and_t/152-1tcavs.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2011-4661	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4661	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/772.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-52606 // VULMON: CVE-2011-4661 // JVNDB: JVNDB-2011-005621 // CNNVD: CNNVD-202002-694 // NVD: CVE-2011-4661

SOURCES

db:	VULHUB	id:	VHN-52606
db:	VULMON	id:	CVE-2011-4661
db:	JVNDB	id:	JVNDB-2011-005621
db:	CNNVD	id:	CNNVD-202002-694
db:	NVD	id:	CVE-2011-4661

LAST UPDATE DATE

2024-08-14T15:28:17.450000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-52606	date:	2020-03-02T00:00:00
db:	VULMON	id:	CVE-2011-4661	date:	2020-03-02T00:00:00
db:	JVNDB	id:	JVNDB-2011-005621	date:	2020-03-11T00:00:00
db:	CNNVD	id:	CNNVD-202002-694	date:	2020-05-15T00:00:00
db:	NVD	id:	CVE-2011-4661	date:	2020-03-02T15:10:50.900

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-52606	date:	2020-02-12T00:00:00
db:	VULMON	id:	CVE-2011-4661	date:	2020-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2011-005621	date:	2020-03-11T00:00:00
db:	CNNVD	id:	CNNVD-202002-694	date:	2020-02-12T00:00:00
db:	NVD	id:	CVE-2011-4661	date:	2020-02-12T17:15:11.593