CVE-2009-0742 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:C/I:N/A:N

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Application Control Engine Module	All versions
Cisco	Catalyst 6500	All versions
Cisco	Catalyst 7600	All versions
Cisco	Ace 4710	All versions

Related Weaknesses (CWE)

CWE-310

References

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.sPatchVendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.sPatchVendor Advisory

FAQ

What is CVE-2009-0742?

CVE-2009-0742 is a vulnerability with a CVSS score of 7.8 (HIGH). The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by d...

How severe is CVE-2009-0742?

CVE-2009-0742 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0742?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Application Control Engine Module, Cisco Catalyst 6500, Cisco Catalyst 7600, Cisco Ace 4710.