CVE-2009-1160

CWE-264 CWE-3994 documents4 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 50.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance 5500 Cisco PIX

Timeline

PublishedApr 9

Latest updateMay 2

Description

Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDcisco/adaptive_security_appliance_55005 versions+4

▶NVDcisco/pix4 versions+3

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-rrxx-7pc4-7jx7: Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7↗2022-05-02

▶

CVEList

CVE-2009-1160: Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7↗2009-04-09

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances↗2009-04-08

▶