CVE-2011-0348Improper Enforcement of Behavioral Workflow in Cisco IOS

CWE-264CWE-399CWE-841Improper Enforcement of Behavioral Workflow5 documents5 sources
Severity
6.4MEDIUMNVD
EPSS
0.5%
top 34.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedJan 28
Latest updateMay 17

Description

Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDcisco/ios7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-2gwh-vr5q-hm52: Cisco IOS 122022-05-17
CVEList
CVE-2011-0348: Cisco IOS 122011-01-28

📋Vendor Advisories

1
Cisco
Cisco Content Services Gateway Vulnerabilities2011-01-26

📐Framework References

1
CWE
Improper Enforcement of Behavioral Workflow
CVE-2011-0348 — Cisco IOS vulnerability | cvebase