CVE-2011-4016 — MEDIUM (5.4)

Vulnerability Description

The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.

CVSS Score

5.4

MEDIUM

AV:N/AC:H/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Ios	12.2

Related Weaknesses (CWE)

CWE-20 CWE-284

References

http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.htmlRelease NotesVendor Advisory
http://www.securitytracker.com/id?1027005Third Party AdvisoryVDB Entry
http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.htmlRelease NotesVendor Advisory
http://www.securitytracker.com/id?1027005Third Party AdvisoryVDB Entry

FAQ

What is CVE-2011-4016?

CVE-2011-4016 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device cr...

How severe is CVE-2011-4016?

CVE-2011-4016 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-4016?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios.