CVE-2011-2165

CVSS 6.8 - MEDIUM

Description

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Affected Products

2

Vendor	Product	Version
watchguard	xcs	`9.0`
watchguard	xcs	`9.1`

References

http://secunia.com/advisories/44753

http://www.kb.cert.org/vuls/id/555316

http://www.kb.cert.org/vuls/id/MAPG-8D9M75

http://www.watchguard.com/support/release-notes/xc...

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

http://secunia.com/advisories/44753

http://www.kb.cert.org/vuls/id/555316

http://www.kb.cert.org/vuls/id/MAPG-8D9M75

http://www.watchguard.com/support/release-notes/xc...

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

Weakness Types

CWE-264

CVE Information

CVE ID:: CVE-2011-2165
Published:: 2011-05-23
Modified:: 2026-04-29
CVSS Score:: 6.8
Severity:: MEDIUM
Vector:: AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Vendors

watchguard

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL