CVE-2011-0949Cisco IOS XR vulnerability

CWE-3993 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedMay 31
Latest updateMay 17

Description

Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xr8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-2j4h-p58q-g7mp: Cisco IOS XR 32022-05-17
CVEList
CVE-2011-0949: Cisco IOS XR 32011-05-31
CVE-2011-0949 — Cisco IOS XR vulnerability | cvebase