Details of VAR-200902-0665

ID

VAR-200902-0665

CVE

CVE-2009-0742

TITLE

Catalyst 6500 Switch and 7600 For router Cisco ACE Application Control Engine Modules and Cisco ACE 4710 Application Control Engine Appliance of username Information disclosure vulnerability in commands

Trust: 0.8

sources: JVNDB: JVNDB-2009-001378

DESCRIPTION

The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information. Ace 4710 is prone to a information disclosure vulnerability

Trust: 1.98

sources: NVD: CVE-2009-0742 // JVNDB: JVNDB-2009-001378 // BID: 79601 // VULHUB: VHN-38188

AFFECTED PRODUCTS

vendor:	cisco	model:	ace 4710	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	application control engine module	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ace 4710	scope:	lt	version:	a2(1.1)	Trust: 0.8
vendor:	cisco	model:	ace application control engine module	scope:	lt	version:	a1(8a)	Trust: 0.8
vendor:	cisco	model:	ace 4710	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	application control engine module	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	application control engine module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ace	scope:	eq	version:	47100	Trust: 0.3

sources: BID: 79601 // JVNDB: JVNDB-2009-001378 // CNNVD: CNNVD-200902-583 // NVD: CVE-2009-0742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0742
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-0742
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200902-583
value:	HIGH
Trust: 0.6
VULHUB:	VHN-38188
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-0742
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-38188
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-38188 // JVNDB: JVNDB-2009-001378 // CNNVD: CNNVD-200902-583 // NVD: CVE-2009-0742

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-38188 // JVNDB: JVNDB-2009-001378 // NVD: CVE-2009-0742

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-583

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200902-583

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001378

PATCH

title:

cisco-sa-20090226-ace

url:

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2009-001378

EXTERNAL IDS

db:	NVD	id:	CVE-2009-0742	Trust: 2.8
db:	JVNDB	id:	JVNDB-2009-001378	Trust: 0.8
db:	CNNVD	id:	CNNVD-200902-583	Trust: 0.7
db:	CISCO	id:	20090225 MULTIPLE VULNERABILITIES IN THE CISCO ACE APPLICATION CONTROL ENGINE MODULE AND CISCO ACE 4710 APPLICATION CONTROL ENGINE	Trust: 0.6
db:	BID	id:	79601	Trust: 0.4
db:	VULHUB	id:	VHN-38188	Trust: 0.1

sources: VULHUB: VHN-38188 // BID: 79601 // JVNDB: JVNDB-2009-001378 // CNNVD: CNNVD-200902-583 // NVD: CVE-2009-0742

REFERENCES

url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080a7bc82.shtml	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0742	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0742	Trust: 0.8

sources: VULHUB: VHN-38188 // BID: 79601 // JVNDB: JVNDB-2009-001378 // CNNVD: CNNVD-200902-583 // NVD: CVE-2009-0742

CREDITS

Unknown

Trust: 0.3

sources: BID: 79601

SOURCES

db:	VULHUB	id:	VHN-38188
db:	BID	id:	79601
db:	JVNDB	id:	JVNDB-2009-001378
db:	CNNVD	id:	CNNVD-200902-583
db:	NVD	id:	CVE-2009-0742

LAST UPDATE DATE

2024-11-23T21:56:40.332000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-38188	date:	2009-02-27T00:00:00
db:	BID	id:	79601	date:	2009-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2009-001378	date:	2009-06-30T00:00:00
db:	CNNVD	id:	CNNVD-200902-583	date:	2009-02-27T00:00:00
db:	NVD	id:	CVE-2009-0742	date:	2024-11-21T01:00:48.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-38188	date:	2009-02-26T00:00:00
db:	BID	id:	79601	date:	2009-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2009-001378	date:	2009-06-30T00:00:00
db:	CNNVD	id:	CNNVD-200902-583	date:	2009-02-26T00:00:00
db:	NVD	id:	CVE-2009-0742	date:	2009-02-26T16:17:20.233