Sign-up

ID

VAR-200902-0538


CVE

CVE-2009-0622


TITLE

Catalyst 6500 Switch and 7600 For router Cisco ACE Application Control Engine Modules and Cisco ACE 4710 Application Control Engine Appliance In any OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-001382

DESCRIPTION

Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI). Other attacks are also possible. Remote authentication users can execute arbitrary system commands through the command line interface

Trust: 1.98

sources: NVD: CVE-2009-0622 // JVNDB: JVNDB-2009-001382 // BID: 33900 // VULHUB: VHN-38068

AFFECTED PRODUCTS

vendor:ciscomodel:application control engine modulescope:eqversion:1.0

Trust: 1.6

vendor:ciscomodel:ace 4710scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:application control engine modulescope:lteversion:1.1

Trust: 1.0

vendor:ciscomodel:ace module a2scope:neversion: -

Trust: 0.9

vendor:ciscomodel:ace 4710scope:ltversion:a2(1.2)

Trust: 0.8

vendor:ciscomodel:ace application control engine modulescope:ltversion:2.0 update a

Trust: 0.8

vendor:ciscomodel:ace appliance a1scope:neversion:4710

Trust: 0.6

vendor:ciscomodel:ace 4710scope: - version: -

Trust: 0.6

vendor:ciscomodel:application control engine modulescope:eqversion:1.1

Trust: 0.6

vendor:ciscomodel:application control engine modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ace modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ace appliancescope:eqversion:47100

Trust: 0.3

vendor:ciscomodel:ace appliance a3scope:neversion:4710

Trust: 0.3

sources: BID: 33900 // JVNDB: JVNDB-2009-001382 // CNNVD: CNNVD-200902-613 // NVD: CVE-2009-0622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0622
value: HIGH

Trust: 1.0

NVD: CVE-2009-0622
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200902-613
value: CRITICAL

Trust: 0.6

VULHUB: VHN-38068
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0622
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-38068
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-38068 // JVNDB: JVNDB-2009-001382 // CNNVD: CNNVD-200902-613 // NVD: CVE-2009-0622

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2009-001382 // NVD: CVE-2009-0622

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-613

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200902-613

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-001382

PATCH
title:cisco-sa-20090225-aceurl:http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-001382

EXTERNAL IDS
db:NVDid:CVE-2009-0622
Trust: 2.8
db:BIDid:33900
Trust: 2.0
db:JVNDBid:JVNDB-2009-001382
Trust: 0.8
db:CNNVDid:CNNVD-200902-613
Trust: 0.7
db:CISCOid:20090225 MULTIPLE VULNERABILITIES IN THE CISCO ACE APPLICATION CONTROL ENGINE MODULE AND CISCO ACE 4710 APPLICATION CONTROL ENGINE
Trust: 0.6
db:VULHUBid:VHN-38068
Trust: 0.1
sources:
            
            
            VULHUB: VHN-38068 // 
            
            
            
            BID: 33900 // 
            
            
            
            JVNDB: JVNDB-2009-001382 // 
            
            
            
            CNNVD: CNNVD-200902-613 // 
            
            
            
            NVD: CVE-2009-0622

REFERENCES
url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080a7bc82.shtml
Trust: 2.0
url:http://www.securityfocus.com/bid/33900
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0622
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0622
Trust: 0.8
url:http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080a7bd0a.ht
Trust: 0.3
url:http://www.cisco.com
Trust: 0.3
url:/archive/1/501237
Trust: 0.3
sources:
            
            
            VULHUB: VHN-38068 // 
            
            
            
            BID: 33900 // 
            
            
            
            JVNDB: JVNDB-2009-001382 // 
            
            
            
            CNNVD: CNNVD-200902-613 // 
            
            
            
            NVD: CVE-2009-0622

CREDITS
Cisco Security bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200902-613

SOURCES
db:VULHUBid:VHN-38068
db:BIDid:33900
db:JVNDBid:JVNDB-2009-001382
db:CNNVDid:CNNVD-200902-613
db:NVDid:CVE-2009-0622

LAST UPDATE DATE
2025-04-10T22:56:39.196000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-38068date:2009-02-27T00:00:00
db:BIDid:33900date:2009-03-09T22:26:00
db:JVNDBid:JVNDB-2009-001382date:2009-06-30T00:00:00
db:CNNVDid:CNNVD-200902-613date:2009-02-27T00:00:00
db:NVDid:CVE-2009-0622date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-38068date:2009-02-26T00:00:00
db:BIDid:33900date:2009-02-25T00:00:00
db:JVNDBid:JVNDB-2009-001382date:2009-06-30T00:00:00
db:CNNVDid:CNNVD-200902-613date:2009-02-26T00:00:00
db:NVDid:CVE-2009-0622date:2009-02-26T16:17:20.157