CVE-2009-1135

CWE-2643 documents3 sources
Severity
9.0CRITICAL
EPSS
39.4%
top 2.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft ISA Server
Timeline
PublishedJul 15
Latest updateMay 2

Description

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-r622-f8m7-c595: Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, wh2022-05-02
CVEList
CVE-2009-1135: Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, wh2009-07-15
CVE-2009-1135 (CRITICAL CVSS 9) | Microsoft Internet Security and Acc | cvebase.io