CVE-2011-4007Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedMay 2
Latest updateMay 17

Description

Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios15.0, 15.1+1
NVDcisco/ios_xe19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-wpxw-h4r4-3xjx: Cisco IOS 152022-05-17
CVEList
CVE-2011-4007: Cisco IOS 152012-05-02
CVE-2011-4007 — Improper Input Validation in Cisco IOS | cvebase