Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4007

Overview

Vulnerability Score 5.4 5.4
CVE Id CVE-2011-4007
Last Modified 29 Oct 2012 11:57:18
Published 02 May 2012 06:09:21
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-4007

Summary

Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.

Vulnerable Systems

Operating System

  • Cisco Ios 15.0

  • Cisco Ios 15.1

  • Cisco Ios Xe 3.1.0s

  • Cisco Ios Xe 3.1.0sg

  • Cisco Ios Xe 3.1.1s

  • Cisco Ios Xe 3.1.1sg

  • Cisco Ios Xe 3.1.2s

  • Cisco Ios Xe 3.1.3s

  • Cisco Ios Xe 3.1.4s

  • Cisco Ios Xe 3.2.0s

  • Cisco Ios Xe 3.2.0sg

  • Cisco Ios Xe 3.2.1s

  • Cisco Ios Xe 3.2.1sg

  • Cisco Ios Xe 3.2.2s

  • Cisco Ios Xe 3.3.0s

  • Cisco Ios Xe 3.3.1s

  • Cisco Ios Xe 3.3.2s

  • Cisco Ios Xe 3.3.3s

  • Cisco Ios Xe 3.4.0s

  • Cisco Ios Xe 3.4.1s

  • Cisco Ios Xe 3.5.0s


References

CONFIRM - http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_caveats_33s.html

SECTRACK - 1027005


Last Updated: 27 May 2016 10:56:28