CVE-2009-2862Improper Authentication in Cisco IOS

CWE-287Improper Authentication4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 33.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 28
Latest updateMay 2

Description

The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-jv67-6q9j-gjmg: The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 122022-05-02
CVEList
CVE-2009-2862: The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 122009-09-28

📋Vendor Advisories

1
Cisco
Cisco IOS Software Object-group Access Control List Bypass Vulnerability2009-09-23
CVE-2009-2862 — Improper Authentication in Cisco IOS | cvebase