CVE-2010-4685Improper Certificate Validation in Cisco IOS

CWE-295Improper Certificate Validation6 documents3 sources
Severity
10.0CRITICALNVD
NVD4.0CNA4.0
EPSS
0.2%
top 61.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedJan 7
Latest updateMay 17

Description

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios< 15.0\(1\)xa1+2

🔴Vulnerability Details

4
GHSA
GHSA-w87f-j522-95hp: The PKI functionality in Cisco IOS 152022-05-17
GHSA
GHSA-jr27-6h3m-pqqq: Cisco IOS before 152022-05-13
CVEList
CVE-2011-0935: The PKI functionality in Cisco IOS 152011-04-14
CVEList
CVE-2010-4685: Cisco IOS before 152011-01-07
CVE-2010-4685 — Improper Certificate Validation | cvebase