Vulnerability Description
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
CVSS Score
7.1
HIGH
AV:N/AC:M/Au:N/C:C/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 12.0xk |
Related Weaknesses (CWE)
References
- http://osvdb.org/58340
- http://tools.cisco.com/security/center/viewAlert.x?alertId=18882Vendor Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.sVendor Advisory
- http://www.securityfocus.com/bid/36491
- http://www.securitytracker.com/id?1022935
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53453
- http://osvdb.org/58340
- http://tools.cisco.com/security/center/viewAlert.x?alertId=18882Vendor Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.sVendor Advisory
- http://www.securityfocus.com/bid/36491
- http://www.securitytracker.com/id?1022935
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53453
FAQ
What is CVE-2009-2863?
CVE-2009-2863 is a vulnerability with a CVSS score of 7.1 (HIGH). Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka ...
How severe is CVE-2009-2863?
CVE-2009-2863 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2863?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios.