Details of VAR-201006-0023

ID

VAR-201006-0023

CVE

CVE-2009-4919

TITLE

Cisco ASA 5580 Series buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-004012

DESCRIPTION

Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible

Trust: 1.98

sources: NVD: CVE-2009-4919 // JVNDB: JVNDB-2009-004012 // BID: 41412 // VULHUB: VHN-42365

AFFECTED PRODUCTS

vendor:	cisco	model:	asa 5580	scope:	lte	version:	8.1\(1\)	Trust: 1.0
vendor:	cisco	model:	asa 5580	scope:	lt	version:	8.1(2)	Trust: 0.8
vendor:	cisco	model:	asa 5580	scope:	eq	version:	8.1\(1\)	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1(1)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	ne	version:	55808.1(2)	Trust: 0.3

sources: BID: 41412 // JVNDB: JVNDB-2009-004012 // CNNVD: CNNVD-201006-465 // NVD: CVE-2009-4919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-4919
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-4919
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201006-465
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-42365
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-4919
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42365
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42365 // JVNDB: JVNDB-2009-004012 // CNNVD: CNNVD-201006-465 // NVD: CVE-2009-4919

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-42365 // JVNDB: JVNDB-2009-004012 // NVD: CVE-2009-4919

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-465

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201006-465

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004012

PATCH

title:

Cisco ASA 5580 Release Notes Version 8.1(2)

url:

http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-004012

EXTERNAL IDS

db:	NVD	id:	CVE-2009-4919	Trust: 2.8
db:	JVNDB	id:	JVNDB-2009-004012	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-465	Trust: 0.7
db:	BID	id:	41412	Trust: 0.3
db:	VULHUB	id:	VHN-42365	Trust: 0.1

sources: VULHUB: VHN-42365 // BID: 41412 // JVNDB: JVNDB-2009-004012 // CNNVD: CNNVD-201006-465 // NVD: CVE-2009-4919

REFERENCES

url:	http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4919	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4919	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-42365 // BID: 41412 // JVNDB: JVNDB-2009-004012 // CNNVD: CNNVD-201006-465 // NVD: CVE-2009-4919

CREDITS

Cisco

Trust: 0.3

sources: BID: 41412

SOURCES

db:	VULHUB	id:	VHN-42365
db:	BID	id:	41412
db:	JVNDB	id:	JVNDB-2009-004012
db:	CNNVD	id:	CNNVD-201006-465
db:	NVD	id:	CVE-2009-4919

LAST UPDATE DATE

2024-11-23T21:47:24.877000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42365	date:	2010-06-30T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-004012	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201006-465	date:	2010-07-01T00:00:00
db:	NVD	id:	CVE-2009-4919	date:	2024-11-21T01:10:46.547

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42365	date:	2010-06-29T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-004012	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201006-465	date:	2010-06-29T00:00:00
db:	NVD	id:	CVE-2009-4919	date:	2010-06-29T18:30:01.693