CVE-2009-2865
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
91.0%
Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | unified_communications_manager_express | * | cpe:2.3:a:cisco:unified_communications_manager_express:*:*:*:*:*:*:*:* |
| cisco | ios | 12.4xw | cpe:2.3:o:cisco:ios:12.4xw:*:*:*:*:*:*:* |
| cisco | ios | 12.4xy | cpe:2.3:o:cisco:ios:12.4xy:*:*:*:*:*:*:* |
| cisco | ios | 12.4xz | cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:* |
| cisco | ios | 12.4ya | cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:* |
References
osvdb.org/58335
tools.cisco.com/security/center/viewAlert.x?alertId=18884
www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml
www.securityfocus.com/bid/36498
www.securitytracker.com/id?1022932
www.vupen.com/english/advisories/2009/2758
exchange.xforce.ibmcloud.com/vulnerabilities/53448
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
91.0%