Vulnerability Details CVE-2009-2865
Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.6%
CVSS Severity
CVSS v2 Score 7.6
References
- http://osvdb.org/58335
- http://tools.cisco.com/security/center/viewAlert.x?alertId=18884
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml
- http://www.securityfocus.com/bid/36498
- http://www.securitytracker.com/id?1022932
- http://www.vupen.com/english/advisories/2009/2758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53448
- http://osvdb.org/58335
- http://tools.cisco.com/security/center/viewAlert.x?alertId=18884
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml
- http://www.securityfocus.com/bid/36498
- http://www.securitytracker.com/id?1022932
- http://www.vupen.com/english/advisories/2009/2758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53448
Products affected by CVE-2009-2865
-
cpe:2.3:a:cisco:unified_communications_manager_express:*
-
cpe:2.3:o:cisco:ios:12.4xw
-
cpe:2.3:o:cisco:ios:12.4xy
-
cpe:2.3:o:cisco:ios:12.4xz
-
cpe:2.3:o:cisco:ios:12.4ya