CVE-2011-0935: Improper Check for Certificate Revocation in Cisco IOS

Severity: 10.0 CRITICAL (NVD); CNA: 4.0
EPSS: 1.6% (top 18.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 14; Latest update May 17

Description

The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: cisco/ios 15.0, 15.1 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-w87f-j522-95hp: The PKI functionality in Cisco IOS 15 (2022-05-17)
CVEList: CVE-2011-0935: The PKI functionality in Cisco IOS 15 (2011-04-14)

📐 Framework References (1)

CWE: Improper Check for Certificate Revocation