FKIE_CVE-2011-0935

Vulnerability from fkie_nvd - Published: 2011-04-14 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.
References
psirt@cisco.comhttp://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html
psirt@cisco.comhttp://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html
psirt@cisco.comhttp://www.securityfocus.com/bid/47407
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/47407
Impacted products
Vendor Product Version
cisco ios 15.0
cisco ios 15.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB41294E-F3DF-4F1E-A4C8-E90B21A88836",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de PKI en Cisco IOS v15.0 y v15.1 no impide el almacenamiento en cach\u00e9 permanente de ciertas claves p\u00fablicas, lo que permite evitar la autenticaci\u00f3n a atacantes remotos y tener otros impactos no especificados mediante el aprovechamiento de una relaci\u00f3n IKE en el que una clave que ha sido v\u00e1lida es posteriormente revocada. Vulnerabilidad tambi\u00e9n conocida como Bug ID CSCth82164. Se trata de una vulnerabilidad diferente a CVE-2010-4685.\r\n"
    }
  ],
  "evaluatorImpact": "CVSS score derived from:\r\n\r\nhttp://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_2s.html",
  "id": "CVE-2011-0935",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-14T16:55:01.317",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/47407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47407"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.