Details of VAR-201006-0026

ID

VAR-201006-0026

CVE

CVE-2009-4922

TITLE

Cisco ASA 5580 Service disruption in the series (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-004015

DESCRIPTION

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583. Cisco ASA 5580 series security appliances are prone to multiple security vulnerabilities. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5580 series security appliances with software prior to 8.1(2) are vulnerable

Trust: 1.98

sources: NVD: CVE-2009-4922 // JVNDB: JVNDB-2009-004015 // BID: 41412 // VULHUB: VHN-42368

AFFECTED PRODUCTS

vendor:	cisco	model:	asa 5580	scope:	lte	version:	8.1\(1\)	Trust: 1.0
vendor:	cisco	model:	asa 5580	scope:	lt	version:	8.1(2)	Trust: 0.8
vendor:	cisco	model:	asa 5580	scope:	eq	version:	8.1\(1\)	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1(1)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	ne	version:	55808.1(2)	Trust: 0.3

sources: BID: 41412 // JVNDB: JVNDB-2009-004015 // CNNVD: CNNVD-201006-468 // NVD: CVE-2009-4922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-4922
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-4922
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-468
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-42368
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-4922
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42368
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42368 // JVNDB: JVNDB-2009-004015 // CNNVD: CNNVD-201006-468 // NVD: CVE-2009-4922

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-4922

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-468

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201006-468

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004015

PATCH

title:

Cisco ASA 5580 Release Notes Version 8.1(2)

url:

http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-004015

EXTERNAL IDS

db:	NVD	id:	CVE-2009-4922	Trust: 2.8
db:	JVNDB	id:	JVNDB-2009-004015	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-468	Trust: 0.7
db:	BID	id:	41412	Trust: 0.3
db:	VULHUB	id:	VHN-42368	Trust: 0.1

sources: VULHUB: VHN-42368 // BID: 41412 // JVNDB: JVNDB-2009-004015 // CNNVD: CNNVD-201006-468 // NVD: CVE-2009-4922

REFERENCES

url:	http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4922	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4922	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-42368 // BID: 41412 // JVNDB: JVNDB-2009-004015 // CNNVD: CNNVD-201006-468 // NVD: CVE-2009-4922

CREDITS

Cisco

Trust: 0.3

sources: BID: 41412

SOURCES

db:	VULHUB	id:	VHN-42368
db:	BID	id:	41412
db:	JVNDB	id:	JVNDB-2009-004015
db:	CNNVD	id:	CNNVD-201006-468
db:	NVD	id:	CVE-2009-4922

LAST UPDATE DATE

2024-11-23T21:47:25.055000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42368	date:	2010-06-30T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-004015	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201006-468	date:	2010-07-01T00:00:00
db:	NVD	id:	CVE-2009-4922	date:	2024-11-21T01:10:46.950

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42368	date:	2010-06-29T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-004015	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201006-468	date:	2010-06-29T00:00:00
db:	NVD	id:	CVE-2009-4922	date:	2010-06-29T18:30:01.770