CVE-2009-2862

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252.

Los "Object Groups" (grupos de objetos) para la funcionalidad de listas de control de acceso (ACLs) en Cisco IOS v12.2XNB, v12.2XNC, v12.2XND, v12.4MD, v12.4T, v12.4XZ y v12.4YA permiten a los usuarios remotos evitar las restricciones establecidas a través de peticiones modificadas. También conocido como IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122 y CSCsu50252.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-08-19 CVE Reserved
2009-09-24 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
http://osvdb.org/58338	Broken Link
http://www.securityfocus.com/bid/36495	Third Party Advisory
http://www.securitytracker.com/id?1022933	Broken Link

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/viewAlert.x?alertId=18876	2022-06-02
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8119.shtml	2022-06-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				12.2xnb Search vendor "Cisco" for product "Ios" and version "12.2xnb"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				12.2xnc Search vendor "Cisco" for product "Ios" and version "12.2xnc"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				12.2xnd Search vendor "Cisco" for product "Ios" and version "12.2xnd"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				12.4md Search vendor "Cisco" for product "Ios" and version "12.4md"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				12.4t Search vendor "Cisco" for product "Ios" and version "12.4t"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				12.4xz Search vendor "Cisco" for product "Ios" and version "12.4xz"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				12.4ya Search vendor "Cisco" for product "Ios" and version "12.4ya"		-		Affected