cve-2011-0946

Vulnerability from cvelistv5

Published

2011-10-03 23:00

Modified

2024-09-16 18:08

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=24117	Vendor Advisory
ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=24117	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
          },
          {
            "name": "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-03T23:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
        },
        {
          "name": "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0946",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
            },
            {
              "name": "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-0946",
    "datePublished": "2011-10-03T23:00:00Z",
    "dateReserved": "2011-02-10T00:00:00Z",
    "dateUpdated": "2024-09-16T18:08:26.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:3.1.0sg:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA5F84EF-1C19-4AB3-BD01-A3DE47B2A46A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:3.1.1sg:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E021FDA-0D92-4A81-8721-EED507426922\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndIncluding\": \"12.4\", \"matchCriteriaId\": \"58CAA286-3C87-44E6-8EDB-7677D9C5A893\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0\", \"versionEndIncluding\": \"15.1\", \"matchCriteriaId\": \"537031DB-5ADF-475E-BFFA-9092652BF2B6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n de NAT en Cisco IOS v12.1 a v12.4 y v15.0 a v15.1, y en Cisco IOS XE v3.1.xSG, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (reinicio o bloqueo del dispositivo) a trav\\u00e9s de tr\\u00e1fico LDAP mal formado de Directorio de NetMeeting (tambi\\u00e9n conocido como Internet Locator Service o ILS). Se trata de un problema tambi\\u00e9n conocido como Bug ID CSCtd10712.\"}]",
      "id": "CVE-2011-0946",
      "lastModified": "2024-11-21T01:25:11.980",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-10-03T23:55:03.423",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=24117\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=24117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0946\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2011-10-03T23:55:03.423\",\"lastModified\":\"2024-11-21T01:25:11.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de NAT en Cisco IOS v12.1 a v12.4 y v15.0 a v15.1, y en Cisco IOS XE v3.1.xSG, permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio o bloqueo del dispositivo) a trav\u00e9s de tr\u00e1fico LDAP mal formado de Directorio de NetMeeting (tambi\u00e9n conocido como Internet Locator Service o ILS). Se trata de un problema tambi\u00e9n conocido como Bug ID CSCtd10712.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:3.1.0sg:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA5F84EF-1C19-4AB3-BD01-A3DE47B2A46A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:3.1.1sg:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E021FDA-0D92-4A81-8721-EED507426922\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndIncluding\":\"12.4\",\"matchCriteriaId\":\"58CAA286-3C87-44E6-8EDB-7677D9C5A893\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndIncluding\":\"15.1\",\"matchCriteriaId\":\"537031DB-5ADF-475E-BFFA-9092652BF2B6\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=24117\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=24117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2011-0946

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-0946

Aliases

CVE-2011-0946

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0946",
    "description": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712.",
    "id": "GSD-2011-0946"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0946"
      ],
      "details": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712.",
      "id": "GSD-2011-0946",
      "modified": "2023-12-13T01:19:04.305519Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2011-0946",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
          },
          {
            "name": "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.0sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.1.1sg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.1",
                "versionStartIncluding": "15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.4",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-0946"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110928 Cisco IOS Software Network Address Translation Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2022-06-02T17:24Z",
      "publishedDate": "2011-10-03T23:55Z"
    }
  }
}

cve-2011-0946

Vulnerability from fkie_nvd

Published

2011-10-03 23:55

Modified

2024-11-21 01:25

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=24117	Vendor Advisory
ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=24117	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xe	3.1.0sg
cisco	ios_xe	3.1.1sg
cisco	ios	*
cisco	ios	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.0sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5F84EF-1C19-4AB3-BD01-A3DE47B2A46A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.1.1sg:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E021FDA-0D92-4A81-8721-EED507426922",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58CAA286-3C87-44E6-8EDB-7677D9C5A893",
              "versionEndIncluding": "12.4",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "537031DB-5ADF-475E-BFFA-9092652BF2B6",
              "versionEndIncluding": "15.1",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de NAT en Cisco IOS v12.1 a v12.4 y v15.0 a v15.1, y en Cisco IOS XE v3.1.xSG, permite a atacantes remotos causar una denegaci\u00f3n de servicio (reinicio o bloqueo del dispositivo) a trav\u00e9s de tr\u00e1fico LDAP mal formado de Directorio de NetMeeting (tambi\u00e9n conocido como Internet Locator Service o ILS). Se trata de un problema tambi\u00e9n conocido como Bug ID CSCtd10712."
    }
  ],
  "id": "CVE-2011-0946",
  "lastModified": "2024-11-21T01:25:11.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-03T23:55:03.423",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs: CSCtd10712 CSCso02147 CSCti98219 CSCti48483 CSCtj04672 CSCth11006.

For more information: SA46179

The vulnerabilities are reported in version 3.1.xSG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

Advisory ID: cisco-sa-20110928-nat

Revision 1.0

For Public Release 2011 Sep 28 1600 UTC (GMT)

+--------------------------------------------------------------------

Summary

The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:

NetMeeting Directory (Lightweight Directory Access Protocol, LDAP)
Session Initiation Protocol (Multiple vulnerabilities)
H.323 protocol

All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.

Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication.

Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html

Affected Products

Vulnerable Products +------------------

Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for NAT and contain support for one or more of the following features:

NetMeeting Directory NAT (LDAP on TCP port 389)
NAT for Session Initiation Protocol (SIP)
NAT for H.323

The preferred method to verify whether NAT is enabled on a Cisco IOS device is to log in to the device and issue the "show ip nat statistics" command. If NAT is active the sections Outside interfaces and Inside interfaces will each include at least one interface. The following example shows a device on which the NAT feature is active:

Router#show ip nat statistics

Total translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet1
Hits: 135  Misses: 5
Expired translations: 2
Dynamic mappings:
-- Inside Source
access-list 1 pool mypool refcount 2
 pool mypool: netmask 255.255.255.0
        start 192.168.10.1 end 192.168.10.254
        type generic, total addresses 14, allocated 2 (14%), misses 0

Depending on the Cisco IOS Software release, the interface lists can be in the lines following the Outside interfaces and Inside interfaces lines. In releases that support the section filter on show commands, the administrator can determine whether NAT is active by using the "show ip nat statistics | section interfaces" command:

Router> show ip nat statistics | section interfaces
Outside interfaces:
  GigabitEthernet0/0
Inside interfaces:
  GigabitEthernet0/1
Router>

Alternatively, to determine whether NAT has been enabled in the Cisco IOS Software configuration, either the "ip nat inside" and "ip nat outside" commands must be present in different interfaces or, in the case of the NAT Virtual Interface, the "ip nat enable" interface command will be present.

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc. 
Compiled Wed 02-Dec-09 17:17 by prod_rel_team


!--- output truncated

Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide.

Products Confirmed Not Vulnerable +--------------------------------

No other Cisco products are currently known to be affected by these vulnerabilities.

Details

NAT for NetMeeting Directory (LDAP) Vulnerability +------------------------------------------------

LDAP is a protocol for querying and modifying data of directory services implemented in IP networks. NAT for NetMeeting Directory, also known as the Internet Locator Service (ILS), translates LDAP packets on TCP port 389. The inspected port is not configurable.

This vulnerability is triggered by malformed transit LDAP traffic that needs to be processed by the NAT for NetMeeting Directory feature.

This vulnerability is documented in Cisco bug ID CSCtd10712 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0946.

NAT for SIP DoS Vulnerabilities +------------------------------

Four vulnerabilities in the NAT for SIP feature are described in this document:

NAT of SIP over TCP vulnerability: Crafted SIP packets on TCP port 5060 could cause unpredictable results, including the reload of the vulnerable device. Translation of SIP over TCP packets will be disabled by default with the fix for this vulnerability. This vulnerability is documented in Cisco bug ID CSCso02147 and has been assigned Common Vulnerabilities and Exposures CVE-2011-3276.

Provider edge Multiprotocol Label Switching (MPLS) NAT of SIP over UDP packets DoS vulnerability: A malformed SIP packet on UDP 5060 that transits an MPLS enabled vulnerable device that needs an MPLS tag to be imposed on the malformed packet might reload the device.

NAT of crafted SIP over UDP packets DoS vulnerabilities: There are two DoS vulnerabilities related to similar crafted packets on UDP port 5060 that require SIP translation: the first is a vulnerability that will cause the device to reload and the second will cause a memory leak that could lead to a DoS condition, including reload of the vulnerable device. They have been assigned CVE IDs CVE-2011-3278 and CVE-2011-3280.

NAT of H.323 Packets DoS Vulnerability +-------------------------------------

Transit crafted H.323 packets on TCP port 1720 could cause a reload of the vulnerable device. This vulnerability is documented in Cisco bug ID CSCth11006 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3277.

Vulnerability Scoring Details

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

CSCtd10712 ("NAT LDAP Vulnerability")