Vulnerability Details : CVE-2011-4012
Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091.
Exploit prediction scoring system (EPSS) score for CVE-2011-4012
Probability of exploitation activity in the next 30 days: 0.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4012
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2011-4012
-
http://www.securitytracker.com/id?1027005
Cisco IOS Multiple Bugs Let Remote Users Bypass Security Controls, Obtain Potentially Sensitive Information, and Deny Service - SecurityTracker
-
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXJ.html
Release Notes for Cisco IOS Release 12.2SX - Caveats in Release 12.2(33)SXJ and Rebuilds [Cisco Catalyst 6500 Series Switches] - Cisco
Products affected by CVE-2011-4012
- cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*