CVE-2011-4661Missing Release of Resource after Effective Lifetime in Cisco IOS

CWE-772Missing Release of Resource after Effective Lifetime4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedFeb 12
Latest updateApr 22

Description

A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios< 15.2\(1\)t
CVEListV5cisco/iosbefore 15.2(1)T

🔴Vulnerability Details

2
GHSA
GHSA-97hh-xg4h-8gvc: A memory leak vulnerability exists in Cisco IOS before 152022-04-22
CVEList
CVE-2011-4661: A memory leak vulnerability exists in Cisco IOS before 152020-02-12

💬Community

1
Bugzilla
CVE-2010-4661 udisks: arbitrary Linux kernel loading flaw2010-12-17
CVE-2011-4661 — Cisco IOS vulnerability | cvebase