Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0935

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-0935
Last Modified 20 Apr 2011 10:33:12
Published 14 Apr 2011 12:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-0935

Summary

The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.

Vulnerable Systems

Operating System

  • Cisco Ios 15.0

  • Cisco Ios 15.1


References

BID - 47407

CONFIRM - http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html

CONFIRM - http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html


Last Updated: 27 May 2016 10:56:06