Details of VAR-201006-0018

ID

VAR-201006-0018

CVE

CVE-2009-4914

TITLE

Cisco ASA 5580 Service disruption in the series (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-004007

DESCRIPTION

Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879. Cisco ASA 5580 series security appliances are prone to multiple security vulnerabilities. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5580 series security appliances with software prior to 8.1(2) are vulnerable

Trust: 1.98

sources: NVD: CVE-2009-4914 // JVNDB: JVNDB-2009-004007 // BID: 41412 // VULHUB: VHN-42360

AFFECTED PRODUCTS

vendor:	cisco	model:	asa 5580	scope:	lte	version:	8.1\(1\)	Trust: 1.0
vendor:	cisco	model:	asa 5580	scope:	lt	version:	8.1(2)	Trust: 0.8
vendor:	cisco	model:	asa 5580	scope:	eq	version:	8.1\(1\)	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1(1)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	ne	version:	55808.1(2)	Trust: 0.3

sources: BID: 41412 // JVNDB: JVNDB-2009-004007 // CNNVD: CNNVD-201006-460 // NVD: CVE-2009-4914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-4914
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-4914
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201006-460
value:	HIGH
Trust: 0.6
VULHUB:	VHN-42360
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-4914
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42360
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42360 // JVNDB: JVNDB-2009-004007 // CNNVD: CNNVD-201006-460 // NVD: CVE-2009-4914

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-42360 // JVNDB: JVNDB-2009-004007 // NVD: CVE-2009-4914

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-460

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201006-460

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004007

PATCH

title:

Cisco ASA 5580 Release Notes Version 8.1(2)

url:

http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-004007

EXTERNAL IDS

db:	NVD	id:	CVE-2009-4914	Trust: 2.8
db:	JVNDB	id:	JVNDB-2009-004007	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-460	Trust: 0.7
db:	BID	id:	41412	Trust: 0.3
db:	VULHUB	id:	VHN-42360	Trust: 0.1

sources: VULHUB: VHN-42360 // BID: 41412 // JVNDB: JVNDB-2009-004007 // CNNVD: CNNVD-201006-460 // NVD: CVE-2009-4914

REFERENCES

url:	http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4914	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4914	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-42360 // BID: 41412 // JVNDB: JVNDB-2009-004007 // CNNVD: CNNVD-201006-460 // NVD: CVE-2009-4914

CREDITS

Cisco

Trust: 0.3

sources: BID: 41412

SOURCES

db:	VULHUB	id:	VHN-42360
db:	BID	id:	41412
db:	JVNDB	id:	JVNDB-2009-004007
db:	CNNVD	id:	CNNVD-201006-460
db:	NVD	id:	CVE-2009-4914

LAST UPDATE DATE

2024-11-23T21:47:25.113000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42360	date:	2010-06-30T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-004007	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201006-460	date:	2010-07-01T00:00:00
db:	NVD	id:	CVE-2009-4914	date:	2024-11-21T01:10:45.870

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42360	date:	2010-06-29T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-004007	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201006-460	date:	2010-06-29T00:00:00
db:	NVD	id:	CVE-2009-4914	date:	2010-06-29T18:30:01.553