CVE-2011-4661 - OpenCVE

A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Ios

Configuration 1 [-]

cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisco.com/c/en/us/td/docs/ios/15_2m_and_t/release/notes/15_2m_and_t/152-1TCAVS.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2020-02-12T16:43:39

Updated: 2020-02-12T16:43:39

Reserved: 2011-12-01T00:00:00

Link: CVE-2011-4661

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-12T17:15:11.593

Modified: 2020-03-02T15:10:50.900

Link: CVE-2011-4661

JSON object: View

Redhat Information

No data.

CWE

CWE-772

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6F15326-75ED-4ABC-A49E-4418A0614CBE", "versionEndExcluding": "15.2\\(1\\)t", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de p\u00e9rdida de memoria en Cisco IOS versiones anteriores a 15.2(1)T, debido a una p\u00e9rdida de memoria en el proceso de HTTP PROXY Server (tambi\u00e9n se conoce como CSCtu52820), cuando se configur\u00f3 con Cisco ISR Web Security con Cisco ScanSafe y User Authenticaiton NTLM configurado."}], "id": "CVE-2011-4661", "lastModified": "2020-03-02T15:10:50.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-12T17:15:11.593", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://www.cisco.com/c/en/us/td/docs/ios/15_2m_and_t/release/notes/15_2m_and_t/152-1TCAVS.html"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}