CVE-2011-2586Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMay 2
Latest updateMay 17

Description

The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios12.4, 15.0+1

🔴Vulnerability Details

2
GHSA
GHSA-4444-267r-x82x: The HTTP client in Cisco IOS 122022-05-17
CVEList
CVE-2011-2586: The HTTP client in Cisco IOS 122012-05-02
CVE-2011-2586 — Improper Input Validation in Cisco IOS | cvebase