CVE-2009-2865
 
Severity Score
7.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.
Desbordamiento de búfer en la implementación del inicio de sesión de la característica "Extension Mobility" del componente "Unified Communications Manager Express" (CME) de Cisco IOS v12.4XW, v12.4XY, v12.4XZ y v12.4YA. Permite a usuarios remotos ejecutar código de su elección o provocar una denegación de servicio a través de peticiones HTTP modificadas. También conocido como Bug ID CSCsq58779.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-19 CVE Reserved
- 2009-09-24 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://osvdb.org/58335 | Vdb Entry | |
http://www.securityfocus.com/bid/36498 | Vdb Entry | |
http://www.securitytracker.com/id?1022932 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53448 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://tools.cisco.com/security/center/viewAlert.x?alertId=18884 | 2017-08-17 | |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml | 2017-08-17 |
URL | Date | SRC |
---|---|---|
http://www.vupen.com/english/advisories/2009/2758 | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Unified Communications Manager Express Search vendor "Cisco" for product "Unified Communications Manager Express" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4xw Search vendor "Cisco" for product "Ios" and version "12.4xw" | - |
Affected
|
Cisco Search vendor "Cisco" | Unified Communications Manager Express Search vendor "Cisco" for product "Unified Communications Manager Express" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4xy Search vendor "Cisco" for product "Ios" and version "12.4xy" | - |
Affected
|
Cisco Search vendor "Cisco" | Unified Communications Manager Express Search vendor "Cisco" for product "Unified Communications Manager Express" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4xz Search vendor "Cisco" for product "Ios" and version "12.4xz" | - |
Affected
|
Cisco Search vendor "Cisco" | Unified Communications Manager Express Search vendor "Cisco" for product "Unified Communications Manager Express" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4ya Search vendor "Cisco" for product "Ios" and version "12.4ya" | - |
Affected
|