CVE-2011-1625

EPSS 0.33%
Published 18.08.2011 18:55:01
Last modified 11.04.2025 00:51:21
Source psirt@cisco.com
Teams watchlist Login
Open Login

Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Version12.2

Cisco ≫ Ios Version12.3

Cisco ≫ Ios Version12.4

Cisco ≫ Ios Version15.0

Cisco ≫ Ios Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.529

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:N/I:N/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.cisco.com/en/US/docs/cable/cmts/release/notes/12_2sc/uBR7200/122_33_SCF/caveats.html

https://nvd.nist.gov/vuln/detail/CVE-2011-1625

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1625

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1625

EUVD