Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv2

CVE-2009-2863

Published: 28/09/2009 Updated: 17/08/2017
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N
Subscribe to Ios

Vulnerability Summary

Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 up to and including 12.4 allows remote malicious users to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ios 12.1ex

cisco ios 12.1t

cisco ios 12.1yb

cisco ios 12.1yd

cisco ios 12.2dd

cisco ios 12.2ex

cisco ios 12.2ixb

cisco ios 12.2ixc

cisco ios 12.2sec

cisco ios 12.2sed

cisco ios 12.2sra

cisco ios 12.2srb

cisco ios 12.2sxe

cisco ios 12.2sxf

cisco ios 12.2xe

cisco ios 12.2xg

cisco ios 12.2xt

cisco ios 12.2xv

cisco ios 12.2yh

cisco ios 12.2yl

cisco ios 12.2ym

cisco ios 12.2zd

cisco ios 12.2zh

cisco ios 12.3jk

cisco ios 12.3t

cisco ios 12.3xg

cisco ios 12.0xk

cisco ios 12.0xr

cisco ios 12.1xi

cisco ios 12.1xj

cisco ios 12.1xm

cisco ios 12.2

cisco ios 12.2b

cisco ios 12.2ira

cisco ios 12.2irb

cisco ios 12.2ixg

cisco ios 12.2s

cisco ios 12.2seg

cisco ios 12.2sg

cisco ios 12.2sx

cisco ios 12.2sxa

cisco ios 12.2tpc

cisco ios 12.2xa

cisco ios 12.2xl

cisco ios 12.2xm

cisco ios 12.2yb

cisco ios 12.2yc

cisco ios 12.2yu

cisco ios 12.2yv

cisco ios 12.2zy

cisco ios 12.2zya

cisco ios 12.3xa

cisco ios 12.3xc

cisco ios 12.3xr

cisco ios 12.3xx

cisco ios 12.3ym

cisco ios 12.3yt

cisco ios 12.4xe

cisco ios 12.1

cisco ios 12.1e

cisco ios 12.1xp

cisco ios 12.1xr

cisco ios 12.2bw

cisco ios 12.2cz

cisco ios 12.2ixa

cisco ios 12.2irc

cisco ios 12.2sbc

cisco ios 12.2se

cisco ios 12.2sga

cisco ios 12.2sq

cisco ios 12.2sxb

cisco ios 12.2sxd

cisco ios 12.2xb

cisco ios 12.2xd

cisco ios 12.2xo

cisco ios 12.2xq

cisco ios 12.2ye

cisco ios 12.2yf

cisco ios 12.2yx

cisco ios 12.2yz

cisco ios 12.3

cisco ios 12.3b

cisco ios 12.3xd

cisco ios 12.3xe

cisco ios 12.3xf

cisco ios 12.3ya

cisco ios 12.3yd

cisco ios 12.3yz

cisco ios 12.4

cisco ios 12.4xk

cisco ios 12.4xt

cisco ios 12.3xk

cisco ios 12.3yg

cisco ios 12.3yh

cisco ios 12.4mr

cisco ios 12.4t

cisco ios 12.4xv

cisco ios 12.4xw

cisco ios 12.4xf

cisco ios 12.4xj

cisco ios 12.4ya

cisco ios 12.4yb

cisco ios 12.1xc

cisco ios 12.1xh

cisco ios 12.1yf

cisco ios 12.1yi

cisco ios 12.2ey

cisco ios 12.2fz

cisco ios 12.2ixd

cisco ios 12.2ixe

cisco ios 12.2ixf

cisco ios 12.2sef

cisco ios 12.2see

cisco ios 12.2src

cisco ios 12.2su

cisco ios 12.2sxh

cisco ios 12.2sxi

cisco ios 12.2t

cisco ios 12.2xj

cisco ios 12.2xk

cisco ios 12.2xw

cisco ios 12.2ya

cisco ios 12.2yn

cisco ios 12.2yq

cisco ios 12.2zj

cisco ios 12.2zl

cisco ios 12.3tpc

cisco ios 12.3va

cisco ios 12.3xl

cisco ios 12.3xq

cisco ios 12.3yi

cisco ios 12.3yk

cisco ios 12.4xa

cisco ios 12.4xd

cisco ios 12.4xy

cisco ios 12.4xz

Vendor Advisories

Cisco: Cisco IOS Software Authentication Proxy Vulnerability
Cisco IOS® Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage Cisco has released software updates that address this vulnerability There are no w ...

References

CWE-287http://tools.cisco.com/security/center/viewAlert.x?alertId=18882http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.shtmlhttp://www.securitytracker.com/id?1022935http://www.securityfocus.com/bid/36491http://osvdb.org/58340https://exchange.xforce.ibmcloud.com/vulnerabilities/53453https://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090923-auth-proxy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook