CVE-2011-3271 : Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execu

Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.

Published 2011-10-03 23:55:04

Updated 2012-05-14 04:00:00

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2011-3271

Probability of exploitation activity in the next 30 days: 0.46%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-3271

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2011-3271

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4f.shtml

404 - Page Not Found - Cisco
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=24115

Cisco IOS Software Smart Install Arbitrary Code Execution Vulnerability

Products affected by CVE-2011-3271

Cisco » IOS » Version: 12.2
cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*
Matching versions
Cisco » IOS » Version: 15.1
cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-3271

Exploit prediction scoring system (EPSS) score for CVE-2011-3271

CVSS scores for CVE-2011-3271

References for CVE-2011-3271

Products affected by CVE-2011-3271