CVE-2011-2581

Published Sep 14, 2011

Last updated a month ago

CVSS info 5.0

Overview

Description: The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:nx-os:5.0\\(2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "464FDB26-D6B4-41A4-83F4-8C7D21F3AC51"
          },
          {
            "criteria": "cpe:2.3:a:cisco:nx-os:5.0\\(3\\)n1\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD01F15F-2465-4998-A6F7-AD9D4B3468AB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:nx-os:5.0\\(3\\)n1\\(1a\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3709E352-CEEC-402A-BEF8-3E5A5646DA6E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:nx-os:5.0\\(3\\)n1\\(1b\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "023C7483-94B7-47AC-AB57-978A57D85148"
          },
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16131960-37FE-4154-A82C-E3249B066DC4"
          },
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1c\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4B91092-DE54-4591-9C0F-A22A04AB71E9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5000:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFB04F2B-04E2-4EB1-83BA-4F7537AF1099"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BD515AB-ECE5-480F-AA30-172CF4161834",
            "versionEndIncluding": "5.0\\(3\\)u1\\(2\\)"
          },
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1a\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8C124BA-D5FC-422A-B3F4-AC1A41B7EEE3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1b\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F358E8D0-624B-412A-8726-B8AF96156317"
          },
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1d\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17A4CE07-64FF-4C5C-81FF-A2388818CF7F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3000:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61F9825B-DD64-4E38-9AE0-F87C210ADD9D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References