Strix
26.1K

CVE-2005-3481

UnknownEPSS 7.12%

Last modified

CVE-2005-3481 is a vulnerability of currently unknown severity. Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. EPSS estimates a 7.12% chance of exploitation in the next 30 days.

Description

Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed.

Metrics

EPSS Probability
7.12%

93.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
CiscoIos12.0
CiscoIos12.0da
CiscoIos12.0db
CiscoIos12.0dc
CiscoIos12.0s
CiscoIos12.0sc
CiscoIos12.0sl
CiscoIos12.0sp
CiscoIos12.0st
CiscoIos12.0sx
CiscoIos12.0sz
CiscoIos12.0t
CiscoIos12.0w5
CiscoIos12.0wc
CiscoIos12.0xa
CiscoIos12.0xb
CiscoIos12.0xc
CiscoIos12.0xd
CiscoIos12.0xe
CiscoIos12.0xf
CiscoIos12.0xg
CiscoIos12.0xh
CiscoIos12.0xi
CiscoIos12.0xj
CiscoIos12.0xk
CiscoIos12.0xl
CiscoIos12.0xm
CiscoIos12.0xn
CiscoIos12.0xq
CiscoIos12.0xr
CiscoIos12.0xs
CiscoIos12.0xv
CiscoIos12.1
CiscoIos12.1aa
CiscoIos12.1ax
CiscoIos12.1ay
CiscoIos12.1az
CiscoIos12.1cx
CiscoIos12.1da
CiscoIos12.1db
CiscoIos12.1dc
CiscoIos12.1e
CiscoIos12.1ea
CiscoIos12.1eb
CiscoIos12.1ec
CiscoIos12.1eo
CiscoIos12.1eu
CiscoIos12.1ev
CiscoIos12.1ew
CiscoIos12.1ex

Showing 50 of 228 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2005-3481?
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed.
How severe is CVE-2005-3481?
Severity scoring for CVE-2005-3481 is pending analysis. The EPSS model estimates a 7.12% probability of exploitation in the next 30 days.
How do I fix CVE-2005-3481?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-3481?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST