CVE-2011-0348

{"id": "CVE-2011-0348", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-01-28T22:00:05.787", "references": [{"url": "http://osvdb.org/70720", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/43052", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://securitytracker.com/id?1024992", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6791d.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/46022", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0229", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64936", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917."}, {"lang": "es", "value": "Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD antes de 12.4(24)MD3, 12.4(22)MDA anterior a 12.4(22)MDA5, y 12.4(24)MDA anterior a 12.4(24)MDA3 en el Cisco Content Services Gateway de segunda generaci\u00f3n (tambi\u00e9n conocido como CSG2) permite a atacantes remotos evitar las restricciones de acceso establecidas y restricciones de facturaci\u00f3n mediante el env\u00edo de tr\u00e1fico HTTP a un destino restringido despu\u00e9s de enviar el tr\u00e1fico HTTP a un destino sin restricciones, tambi\u00e9n conocido como Bug ID CSCtk35917."}], "lastModified": "2017-08-17T01:33:27.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:12.4\\(11\\)md:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92AD4889-F6B6-4497-A589-8632A1850965"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(15\\)md:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE0233F4-AA5D-47C3-934A-4BA793DD4A2E"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(22\\)md:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "498A43E2-5A03-46C9-B60D-8E7CE79F1705"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(22\\)mda:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EB30791-A691-42DD-8714-B173242EDBBF"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(24\\)md:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "539454C8-EA90-4146-9429-72465CF555FE"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(24\\)md1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E44F5F4-D7FE-4B9C-BA65-2365EF7A8092"}, {"criteria": "cpe:2.3:o:cisco:ios:12.4\\(24\\)mda:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0F2A946-AD8A-4644-8630-5951B66E4B34"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:content_services_gateway_second_generation:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A7759766-DE4B-42DE-BFB9-0EA6E08C89F6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}