CVE-2009-2865 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.6HIGHNVD

EPSS

3.7%

top 12.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedSep 28

Latest updateMay 2

Description

Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/ios4 versions+3

Patches

Patch: tools.cisco.com ↗Patch: www.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-jvhf-p5j4-xwrc: Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco I↗2022-05-02

▶

CVEList

CVE-2009-2865: Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco I↗2009-09-28

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Express Vulnerability↗2009-09-23

▶

📄Research Papers

arXiv

Formal Black-Box Analysis of Routing Protocol Implementations↗2017-09-23

▶