CVE Vulnerabilities

CVE-2009-2863

Improper Authentication

Published: Sep 28, 2009 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:C/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Ios Cisco 12.3ym 12.3ym
Ios Cisco 12.3xr 12.3xr
Ios Cisco 12.0xk 12.0xk
Ios Cisco 12.4t 12.4t
Ios Cisco 12.0xr 12.0xr
Ios Cisco 12.1xm 12.1xm
Ios Cisco 12.1xi 12.1xi
Ios Cisco 12.2sga 12.2sga
Ios Cisco 12.1e 12.1e
Ios Cisco 12.1xc 12.1xc
Ios Cisco 12.3ya 12.3ya
Ios Cisco 12.1xp 12.1xp
Ios Cisco 12.2cz 12.2cz
Ios Cisco 12.2sxf 12.2sxf
Ios Cisco 12.1yd 12.1yd
Ios Cisco 12.2irc 12.2irc
Ios Cisco 12.2xe 12.2xe
Ios Cisco 12.2sx 12.2sx
Ios Cisco 12.3xg 12.3xg
Ios Cisco 12.4xj 12.4xj
Ios Cisco 12.3xd 12.3xd
Ios Cisco 12.4mr 12.4mr
Ios Cisco 12.2xj 12.2xj
Ios Cisco 12.2srb 12.2srb
Ios Cisco 12.2su 12.2su
Ios Cisco 12.2xg 12.2xg
Ios Cisco 12.2b 12.2b
Ios Cisco 12.2ixb 12.2ixb
Ios Cisco 12.4xt 12.4xt
Ios Cisco 12.2sq 12.2sq
Ios Cisco 12.1t 12.1t
Ios Cisco 12.1xr 12.1xr
Ios Cisco 12.2yn 12.2yn
Ios Cisco 12.2sxa 12.2sxa
Ios Cisco 12.2ey 12.2ey
Ios Cisco 12.2seg 12.2seg
Ios Cisco 12.2xb 12.2xb
Ios Cisco 12.2yf 12.2yf
Ios Cisco 12.2sg 12.2sg
Ios Cisco 12.2ixf 12.2ixf
Ios Cisco 12.2xl 12.2xl
Ios Cisco 12.2ym 12.2ym
Ios Cisco 12.3t 12.3t
Ios Cisco 12.2yb 12.2yb
Ios Cisco 12.3 12.3
Ios Cisco 12.2dd 12.2dd
Ios Cisco 12.2zh 12.2zh
Ios Cisco 12.1yf 12.1yf
Ios Cisco 12.2yv 12.2yv
Ios Cisco 12.2ixa 12.2ixa
Ios Cisco 12.2sxb 12.2sxb
Ios Cisco 12.2xw 12.2xw
Ios Cisco 12.4xf 12.4xf
Ios Cisco 12.3va 12.3va
Ios Cisco 12.2t 12.2t
Ios Cisco 12.2zya 12.2zya
Ios Cisco 12.4ya 12.4ya
Ios Cisco 12.2yl 12.2yl
Ios Cisco 12.2sed 12.2sed
Ios Cisco 12.2ye 12.2ye
Ios Cisco 12.1yb 12.1yb
Ios Cisco 12.4xv 12.4xv
Ios Cisco 12.3yd 12.3yd
Ios Cisco 12.4xw 12.4xw
Ios Cisco 12.2ex 12.2ex
Ios Cisco 12.4xz 12.4xz
Ios Cisco 12.2sbc 12.2sbc
Ios Cisco 12.2ixc 12.2ixc
Ios Cisco 12.1ex 12.1ex
Ios Cisco 12.1yi 12.1yi
Ios Cisco 12.2ira 12.2ira
Ios Cisco 12.3xf 12.3xf
Ios Cisco 12.3xl 12.3xl
Ios Cisco 12.2se 12.2se
Ios Cisco 12.1 12.1
Ios Cisco 12.3yk 12.3yk
Ios Cisco 12.2sxh 12.2sxh
Ios Cisco 12.4xd 12.4xd
Ios Cisco 12.2sec 12.2sec
Ios Cisco 12.2xm 12.2xm
Ios Cisco 12.3yt 12.3yt
Ios Cisco 12.2xk 12.2xk
Ios Cisco 12.1xh 12.1xh
Ios Cisco 12.2ixg 12.2ixg
Ios Cisco 12.2zj 12.2zj
Ios Cisco 12.3yz 12.3yz
Ios Cisco 12.4xk 12.4xk
Ios Cisco 12.2zy 12.2zy
Ios Cisco 12.3yg 12.3yg
Ios Cisco 12.1xj 12.1xj
Ios Cisco 12.2zd 12.2zd
Ios Cisco 12.3xc 12.3xc
Ios Cisco 12.4 12.4
Ios Cisco 12.2tpc 12.2tpc
Ios Cisco 12.3xe 12.3xe
Ios Cisco 12.2yc 12.2yc
Ios Cisco 12.3tpc 12.3tpc
Ios Cisco 12.2bw 12.2bw
Ios Cisco 12.4xa 12.4xa
Ios Cisco 12.2yu 12.2yu
Ios Cisco 12.2sxi 12.2sxi
Ios Cisco 12.4xe 12.4xe
Ios Cisco 12.2ixd 12.2ixd
Ios Cisco 12.2xd 12.2xd
Ios Cisco 12.3xq 12.3xq
Ios Cisco 12.2zl 12.2zl
Ios Cisco 12.2yq 12.2yq
Ios Cisco 12.2xq 12.2xq
Ios Cisco 12.2sef 12.2sef
Ios Cisco 12.2see 12.2see
Ios Cisco 12.3jk 12.3jk
Ios Cisco 12.3b 12.3b
Ios Cisco 12.4yb 12.4yb
Ios Cisco 12.2sra 12.2sra
Ios Cisco 12.2irb 12.2irb
Ios Cisco 12.3yh 12.3yh
Ios Cisco 12.2ya 12.2ya
Ios Cisco 12.2xv 12.2xv
Ios Cisco 12.2 12.2
Ios Cisco 12.3xx 12.3xx
Ios Cisco 12.4xy 12.4xy
Ios Cisco 12.3xa 12.3xa
Ios Cisco 12.3yi 12.3yi
Ios Cisco 12.2sxd 12.2sxd
Ios Cisco 12.2src 12.2src
Ios Cisco 12.2yz 12.2yz
Ios Cisco 12.2xa 12.2xa
Ios Cisco 12.2ixe 12.2ixe
Ios Cisco 12.3xk 12.3xk
Ios Cisco 12.2yx 12.2yx
Ios Cisco 12.2xo 12.2xo
Ios Cisco 12.2sxe 12.2sxe
Ios Cisco 12.2yh 12.2yh
Ios Cisco 12.2s 12.2s
Ios Cisco 12.2fz 12.2fz
Ios Cisco 12.2xt 12.2xt

Potential Mitigations

References