CVE-2011-3272Out-of-bounds Write in Cisco IOS

CWE-3994 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 30.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedOct 3
Latest updateMay 17

Description

The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios15.1
NVDcisco/ios_xe29 versions+28

🔴Vulnerability Details

2
GHSA
GHSA-88jf-g6wv-f58r: The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 152022-05-17
CVEList
CVE-2011-3272: The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 152011-10-03

📋Vendor Advisories

1
Cisco
Cisco IOS Software IP Service Level Agreement Vulnerability2011-09-28
CVE-2011-3272 — Out-of-bounds Write in Cisco IOS | cvebase