CVE-2011-0949

2022-10-0316:15:18

CWE-399

[email protected]

web.nvd.nist.gov

cisco

ios xr

denial of service

disk consumption

sshv1

vulnerability

cve-2011-0949

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.6%

JSON

Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.

Affected configurations

NVD

Node

ciscoios_xrMatch3.6.0

ciscoios_xrMatch3.6.1

ciscoios_xrMatch3.6.2

ciscoios_xrMatch3.6.3

ciscoios_xrMatch3.8.0

ciscoios_xrMatch3.8.1

ciscoios_xrMatch3.8.2

ciscoios_xrMatch3.9.0

CPENameOperatorVersion
cisco:ios_xrcisco ios xreq3.6.0
cisco:ios_xrcisco ios xreq3.6.1
cisco:ios_xrcisco ios xreq3.6.2
cisco:ios_xrcisco ios xreq3.6.3
cisco:ios_xrcisco ios xreq3.8.0
cisco:ios_xrcisco ios xreq3.8.1
cisco:ios_xrcisco ios xreq3.8.2
cisco:ios_xrcisco ios xreq3.9.0

CPE	Name	Operator	Version
cisco:ios_xr	cisco ios xr	eq	3.6.0
cisco:ios_xr	cisco ios xr	eq	3.6.1
cisco:ios_xr	cisco ios xr	eq	3.6.2
cisco:ios_xr	cisco ios xr	eq	3.6.3
cisco:ios_xr	cisco ios xr	eq	3.8.0
cisco:ios_xr	cisco ios xr	eq	3.8.1
cisco:ios_xr	cisco ios xr	eq	3.8.2
cisco:ios_xr	cisco ios xr	eq	3.9.0