Lucene search

MitreCVE-2009-0471

HistoryFeb 06, 2009 - 7:30 p.m.

CVE-2009-0471

2009-02-0619:30:00

CWE-352

mitre

web.nvd.nist.gov

cve-2009-0471

csrf

vulnerability

cisco ios

http server

remote execution

arbitrary commands

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

46.2%

JSON

Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.

Affected configurations

Nvd

Node

ciscoiosMatch12.4\(23\)

VendorProductVersionCPE
ciscoios12.4(23)cpe:2.3:o:cisco:ios:12.4\(23\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	12.4(23)	cpe:2.3:o:cisco:ios:12.4\(23\):::::::*

References

secunia.com/advisories/33844

www.securityfocus.com/archive/1/500674/100/0/threaded

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

46.2%

JSON

Related for CVE-2009-0471