Lucene search

[email protected]CVE-2009-0471

HistoryFeb 06, 2009 - 7:30 p.m.

CVE-2009-0471

2009-02-0619:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2009-0471

csrf

vulnerability

cisco ios

http server

remote execution

arbitrary commands

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.2%

JSON

Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.

Affected configurations

NVD

Node

ciscoiosMatch12.4\(23\)

CPENameOperatorVersion
cisco:ioscisco ioseq12.4\(23\)

CPE	Name	Operator	Version
cisco:ios	cisco ios	eq	12.4\(23\)

References

secunia.com/advisories/33844

www.securityfocus.com/archive/1/500674/100/0/threaded

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.2%

JSON

Related for CVE-2009-0471

nvd1 prion1 cvelist1