CVE-2011-0348

2011-01-2822:00:05

CWE-264

[email protected]

web.nvd.nist.gov

cisco

ios

security

vulnerability

cve-2011-0348

csctk35917

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON

Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917.

Affected configurations

NVD

Node

ciscoiosMatch12.4\(11\)md

ciscoiosMatch12.4\(15\)md

ciscoiosMatch12.4\(22\)md

ciscoiosMatch12.4\(22\)mda

ciscoiosMatch12.4\(24\)md

ciscoiosMatch12.4\(24\)md1

ciscoiosMatch12.4\(24\)mda

AND

ciscocontent_services_gateway_second_generation

CPENameOperatorVersion
cisco:ioscisco ioseq12.4\(11\)md
cisco:ioscisco ioseq12.4\(15\)md
cisco:ioscisco ioseq12.4\(22\)md
cisco:ioscisco ioseq12.4\(22\)mda
cisco:ioscisco ioseq12.4\(24\)md
cisco:ioscisco ioseq12.4\(24\)md1
cisco:ioscisco ioseq12.4\(24\)mda

CPE	Name	Operator	Version
cisco:ios	cisco ios	eq	12.4\(11\)md
cisco:ios	cisco ios	eq	12.4\(15\)md
cisco:ios	cisco ios	eq	12.4\(22\)md
cisco:ios	cisco ios	eq	12.4\(22\)mda
cisco:ios	cisco ios	eq	12.4\(24\)md
cisco:ios	cisco ios	eq	12.4\(24\)md1
cisco:ios	cisco ios	eq	12.4\(24\)mda