Details of VAR-201006-0017

ID

VAR-201006-0017

CVE

CVE-2009-4913

TITLE

Cisco Adaptive Security Appliances Device IPv6 Vulnerabilities that prevent access restrictions in the implementation

Trust: 0.8

sources: JVNDB: JVNDB-2010-002866

DESCRIPTION

The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622. The problem is Bug ID CSCso58622 It is a problem.By a third party IPv6 Access restrictions may be circumvented via packets. Cisco ASA 5580 series security appliances are prone to multiple security vulnerabilities. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5580 series security appliances with software prior to 8.1(2) are vulnerable

Trust: 1.98

sources: NVD: CVE-2009-4913 // JVNDB: JVNDB-2010-002866 // BID: 41412 // VULHUB: VHN-42359

AFFECTED PRODUCTS

vendor:	cisco	model:	asa 5580	scope:	lte	version:	8.1\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	5500 version 8.1(2)	Trust: 0.8
vendor:	cisco	model:	asa 5580	scope:	eq	version:	8.1\(1\)	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1(1)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	ne	version:	55808.1(2)	Trust: 0.3

sources: BID: 41412 // JVNDB: JVNDB-2010-002866 // CNNVD: CNNVD-201006-459 // NVD: CVE-2009-4913

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-4913
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-4913
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-459
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-42359
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-4913
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42359
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42359 // JVNDB: JVNDB-2010-002866 // CNNVD: CNNVD-201006-459 // NVD: CVE-2009-4913

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-42359 // JVNDB: JVNDB-2010-002866 // NVD: CVE-2009-4913

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-459

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201006-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002866

PATCH

title:

asarn812

url:

http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

Trust: 0.8

sources: JVNDB: JVNDB-2010-002866

EXTERNAL IDS

db:	NVD	id:	CVE-2009-4913	Trust: 2.8
db:	OSVDB	id:	65893	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-002866	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-459	Trust: 0.7
db:	BID	id:	41412	Trust: 0.3
db:	VULHUB	id:	VHN-42359	Trust: 0.1

sources: VULHUB: VHN-42359 // BID: 41412 // JVNDB: JVNDB-2010-002866 // CNNVD: CNNVD-201006-459 // NVD: CVE-2009-4913

REFERENCES

url:	http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4913	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4913	Trust: 0.8
url:	http://osvdb.org/65893	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-42359 // BID: 41412 // JVNDB: JVNDB-2010-002866 // CNNVD: CNNVD-201006-459 // NVD: CVE-2009-4913

CREDITS

Cisco

Trust: 0.3

sources: BID: 41412

SOURCES

db:	VULHUB	id:	VHN-42359
db:	BID	id:	41412
db:	JVNDB	id:	JVNDB-2010-002866
db:	CNNVD	id:	CNNVD-201006-459
db:	NVD	id:	CVE-2009-4913

LAST UPDATE DATE

2024-11-23T21:47:24.967000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42359	date:	2010-06-30T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2010-002866	date:	2011-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201006-459	date:	2010-07-01T00:00:00
db:	NVD	id:	CVE-2009-4913	date:	2024-11-21T01:10:45.737

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42359	date:	2010-06-29T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2010-002866	date:	2011-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201006-459	date:	2010-06-29T00:00:00
db:	NVD	id:	CVE-2009-4913	date:	2010-06-29T18:30:01.520