CVE-2009-1160

Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/34607
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/34429
http://www.securitytracker.com/id?1022017
http://www.vupen.com/english/advisories/2009/0981

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:::::::*
	cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:::::::*
	cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:::::::*
	cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:::::::*
	cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:::::::*
	cpe:2.3:h:cisco:pix:7.0:::::::*
	cpe:2.3:h:cisco:pix:7.1:::::::*
	cpe:2.3:h:cisco:pix:7.2:::::::*
	cpe:2.3:h:cisco:pix:8.0:::::::*

History

No history.

Information

Published : 2009-04-09 15:08

Updated : 2024-02-28 11:21

NVD link : CVE-2009-1160

Mitre link : CVE-2009-1160

CVE.ORG link : CVE-2009-1160

JSON object : View

Products Affected

cisco

adaptive_security_appliance_5500
pix

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-1160", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-09T15:08:35.797", "references": [{"url": "http://secunia.com/advisories/34607", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/34429", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1022017", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0981", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277."}, {"lang": "es", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances v7.0 anteriores a v7.0(8)1, v7.1 anteriores a v7.1(2)74, v7.2 anteriores a v7.2(4)9, and v8.0 anteriores a v8.0(4)5 no implementan de forma adecuada la denegaci\u00f3n impl\u00edcita, lo que podr\u00eda permitir a atacantes remotos enviar paquetes que sobrepasen las restricciones de acceso impuestas, tambi\u00e9n conocido como Bug ID CSCsq91277."}], "lastModified": "2009-04-28T05:39:14.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "235C2CE5-C858-4037-AE35-E6D506301894"}, {"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76EAF7E0-6C0A-4B62-8776-CDE7CEB4565A"}, {"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41"}, {"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610"}, {"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6"}, {"criteria": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "508DECFB-F334-409F-911B-BF8D842D3556"}, {"criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209"}, {"criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154"}, {"criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}