ID

VAR-201006-0016


CVE

CVE-2009-4912


TITLE

Cisco Adaptive Security Appliances Service disruption on devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-002865

DESCRIPTION

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. The issue is tracked as Bug ID CSCso10876. A third party may bypass access restrictions through an HTTPS session. Cisco ASA 5580 series security appliances are prone to multiple security vulnerabilities. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5580 series security appliances with software prior to 8.1(2) are vulnerable.

Trust: 1.98

sources: NVD: CVE-2009-4912 // JVNDB: JVNDB-2010-002865 // BID: 41412 // VULHUB: VHN-42358

AFFECTED PRODUCTS

vendor: cisco // model: asa 5580 // scope: lte // version: 8.1\(1\)

Trust: 1.0

vendor: cisco // model: adaptive security appliance // scope: lt // version: 5580 version 8.1(2)

Trust: 0.8

vendor: cisco // model: asa 5580 // scope: eq // version: 8.1\(1\)

Trust: 0.6

vendor: cisco // model: asa series adaptive security appliance // scope: eq // version: 55808.1(1)

Trust: 0.3

vendor: cisco // model: asa series adaptive security appliance // scope: eq // version: 55808.1

Trust: 0.3

vendor: cisco // model: asa series adaptive security appliance // scope: ne // version: 55808.1(2)

Trust: 0.3

sources: BID: 41412 // JVNDB: JVNDB-2010-002865 // CNNVD: CNNVD-201006-458 // NVD: CVE-2009-4912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4912
value: HIGH

Trust: 1.0

NVD: CVE-2009-4912
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201006-458
value: CRITICAL

Trust: 0.6

VULHUB: VHN-42358
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-4912
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-42358
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-42358 // JVNDB: JVNDB-2010-002865 // CNNVD: CNNVD-201006-458 // NVD: CVE-2009-4912

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-42358 // JVNDB: JVNDB-2010-002865 // NVD: CVE-2009-4912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-458

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201006-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002865

PATCH

title: asarn812 // url: http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

Trust: 0.8

sources: JVNDB: JVNDB-2010-002865

EXTERNAL IDS

db: NVD // id: CVE-2009-4912

Trust: 2.8

db: JVNDB // id: JVNDB-2010-002865

Trust: 0.8

db: CNNVD // id: CNNVD-201006-458

Trust: 0.7

db: BID // id: 41412

Trust: 0.3

db: VULHUB // id: VHN-42358

Trust: 0.1

sources: VULHUB: VHN-42358 // BID: 41412 // JVNDB: JVNDB-2010-002865 // CNNVD: CNNVD-201006-458 // NVD: CVE-2009-4912

REFERENCES

url:http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4912

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4912

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-42358 // BID: 41412 // JVNDB: JVNDB-2010-002865 // CNNVD: CNNVD-201006-458 // NVD: CVE-2009-4912

CREDITS

Cisco

Trust: 0.3

sources: BID: 41412

SOURCES

db: VULHUB // id: VHN-42358
db: BID // id: 41412
db: JVNDB // id: JVNDB-2010-002865
db: CNNVD // id: CNNVD-201006-458
db: NVD // id: CVE-2009-4912

LAST UPDATE DATE

2024-11-23T21:47:25.201000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-42358 // date: 2010-06-30T00:00:00
db: BID // id: 41412 // date: 2009-04-06T00:00:00
db: JVNDB // id: JVNDB-2010-002865 // date: 2011-09-20T00:00:00
db: CNNVD // id: CNNVD-201006-458 // date: 2010-07-01T00:00:00
db: NVD // id: CVE-2009-4912 // date: 2024-11-21T01:10:45.603

SOURCES RELEASE DATE

db: VULHUB // id: VHN-42358 // date: 2010-06-29T00:00:00
db: BID // id: 41412 // date: 2009-04-06T00:00:00
db: JVNDB // id: JVNDB-2010-002865 // date: 2011-09-20T00:00:00
db: CNNVD // id: CNNVD-201006-458 // date: 2010-06-29T00:00:00
db: NVD // id: CVE-2009-4912 // date: 2010-06-29T18:30:01.507