CVE-2011-3295Improper Input Validation in Cisco IOS XR

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 30.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedMay 2
Latest updateMay 17

Description

The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios_xr14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-97q3-6fvf-c4mg: The NETIO and IPV4_IO processes in Cisco IOS XR 32022-05-17
CVEList
CVE-2011-3295: The NETIO and IPV4_IO processes in Cisco IOS XR 32012-05-02
CVE-2011-3295 — Improper Input Validation in Cisco | cvebase