CVE-2009-0625

Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33900
http://www.securitytracker.com/id?1021769

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:cisco:ace_4710::::::::
	cpe:2.3:h:cisco:application_control_engine_module::::::::

cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-02-26 16:17

Updated : 2023-12-10 10:51

NVD link : CVE-2009-0625

Mitre link : CVE-2009-0625

CVE.ORG link : CVE-2009-0625

JSON object : View

Products Affected

cisco

application_control_engine_module
catalyst
ace_4710

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2009-0625", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-02-26T16:17:20.217", "references": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/33900", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1021769", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet."}, {"lang": "es", "value": "Vulnerabilidad no especificada en \"Cisco ACE Application Control Engine Module\" para Switches Catalyst 6500 y routers anteriores A1(v1.2) y Cisco ACE 4710 \"Application Control Engine Appliance\" anteriores A1(8.0), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de un paquete SNMPv3 manipulada. \r\n"}], "lastModified": "2009-03-03T07:04:50.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F0D8DA3-2B73-4DE7-933B-23C199B50BD9", "versionEndIncluding": "a1\\(2.0\\)"}, {"criteria": "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AF3BB9E-7AAE-4B04-B5A5-B61FE82AA94F", "versionEndIncluding": "a2\\(1.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "712DA93A-13CE-4E27-84FC-D2ECEEFFD568"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "521A4FD3-18E3-4937-A6AD-F7BDB3DB08ED"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}