cvelistv5 - CVE-2009-4912

CVE-2009-4912

Vulnerability from cvelistv5

Published

2010-06-29 18:00

Modified

2024-09-16 20:27

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html	Patch
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html	Patch

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:24:52.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-29T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4912",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4912",
    "datePublished": "2010-06-29T18:00:00Z",
    "dateReserved": "2010-06-29T00:00:00Z",
    "dateUpdated": "2024-09-16T20:27:56.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1\\\\(1\\\\)\", \"matchCriteriaId\": \"73E464BF-EEFB-4D23-9F86-B41B4850223E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.\"}, {\"lang\": \"es\", \"value\": \"Dispositivos Cisco Adaptive Security Appliances (ASA) de la serie 5580 con versi\\u00f3n de software anterior a v8.1(2) completan un \\\"handshake\\\" (establacimiento de conexi\\u00f3n) SSL con un cliente HTTPS incluso si dicho cliente no est\\u00e1 autorizado, lo que podr\\u00eda permitir a atacantes remotos evitar resctricciones de acceso establacidas a trav\\u00e9s de una sesi\\u00f3n HTTPS, tambi\\u00e9n conocido como Bug ID CSCso10876.\"}]",
      "id": "CVE-2009-4912",
      "lastModified": "2024-11-21T01:10:45.603",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-06-29T18:30:01.507",
      "references": "[{\"url\": \"http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4912\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-06-29T18:30:01.507\",\"lastModified\":\"2024-11-21T01:10:45.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.\"},{\"lang\":\"es\",\"value\":\"Dispositivos Cisco Adaptive Security Appliances (ASA) de la serie 5580 con versi\u00f3n de software anterior a v8.1(2) completan un \\\"handshake\\\" (establacimiento de conexi\u00f3n) SSL con un cliente HTTPS incluso si dicho cliente no est\u00e1 autorizado, lo que podr\u00eda permitir a atacantes remotos evitar resctricciones de acceso establacidas a trav\u00e9s de una sesi\u00f3n HTTPS, tambi\u00e9n conocido como Bug ID CSCso10876.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1\\\\(1\\\\)\",\"matchCriteriaId\":\"73E464BF-EEFB-4D23-9F86-B41B4850223E\"}]}]}],\"references\":[{\"url\":\"http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}

gsd-2009-4912

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-4912

Aliases

CVE-2009-4912

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4912",
    "description": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.",
    "id": "GSD-2009-4912"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4912"
      ],
      "details": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.",
      "id": "GSD-2009-4912",
      "modified": "2023-12-13T01:19:45.443580Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4912",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
            "refsource": "CONFIRM",
            "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1\\(1\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4912"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2010-06-30T04:00Z",
      "publishedDate": "2010-06-29T18:30Z"
    }
  }
}

CVE-2009-4912

Vulnerability from fkie_nvd

Published

2010-06-29 18:30

Modified

2024-11-21 01:10

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html	Patch
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html	Patch

Impacted products

	Vendor	Product	Version
	cisco	asa_5580	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73E464BF-EEFB-4D23-9F86-B41B4850223E",
              "versionEndIncluding": "8.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876."
    },
    {
      "lang": "es",
      "value": "Dispositivos Cisco Adaptive Security Appliances (ASA) de la serie 5580 con versi\u00f3n de software anterior a v8.1(2) completan un \"handshake\" (establacimiento de conexi\u00f3n) SSL con un cliente HTTPS incluso si dicho cliente no est\u00e1 autorizado, lo que podr\u00eda permitir a atacantes remotos evitar resctricciones de acceso establacidas a trav\u00e9s de una sesi\u00f3n HTTPS, tambi\u00e9n conocido como Bug ID CSCso10876."
    }
  ],
  "id": "CVE-2009-4912",
  "lastModified": "2024-11-21T01:10:45.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-29T18:30:01.507",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-wv8r-qj2j-7h4m

Vulnerability from github

Published

2022-05-02 03:59

Modified

2022-05-02 03:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4912"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-06-29T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.",
  "id": "GHSA-wv8r-qj2j-7h4m",
  "modified": "2022-05-02T03:59:34Z",
  "published": "2022-05-02T03:59:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4912"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. The problem is Bug ID : CSCso10876 It is a problem.By a third party HTTPS Access restrictions may be bypassed through the session. Cisco ASA 5580 series security appliances are prone to multiple security vulnerabilities. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5580 series security appliances with software prior to 8.1(2) are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201006-0016",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asa 5580",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.1\\(1\\)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5580 version  8.1(2)"
      },
      {
        "model": "asa 5580",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "8.1\\(1\\)"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55808.1(1)"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55808.1"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55808.1(2)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1\\(1\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4912"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "41412"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2009-4912",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-4912",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-42358",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-4912",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201006-458",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-42358",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. The problem is Bug ID : CSCso10876 It is a problem.By a third party HTTPS Access restrictions may be bypassed through the session. Cisco ASA 5580 series security appliances are prone to multiple security vulnerabilities. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. \nExploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. \nCisco ASA 5580 series security appliances with software prior to 8.1(2) are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42358"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-4912",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-458",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "41412",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-42358",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42358"
      },
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ]
  },
  "id": "VAR-201006-0016",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42358"
      }
    ],
    "trust": 0.7311873
  },
  "last_update_date": "2023-12-18T12:22:34.602000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "asarn812",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4912"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4912"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4912"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42358"
      },
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-42358"
      },
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-06-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42358"
      },
      {
        "date": "2009-04-06T00:00:00",
        "db": "BID",
        "id": "41412"
      },
      {
        "date": "2011-09-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "date": "2010-06-29T18:30:01.507000",
        "db": "NVD",
        "id": "CVE-2009-4912"
      },
      {
        "date": "2010-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42358"
      },
      {
        "date": "2009-04-06T00:00:00",
        "db": "BID",
        "id": "41412"
      },
      {
        "date": "2011-09-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      },
      {
        "date": "2010-06-30T04:00:00",
        "db": "NVD",
        "id": "CVE-2009-4912"
      },
      {
        "date": "2010-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Adaptive Security Appliances Service disruption on devices  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002865"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-458"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-4912

Vulnerability from cvelistv5

gsd-2009-4912

Vulnerability from gsd

CVE-2009-4912

Vulnerability from fkie_nvd

ghsa-wv8r-qj2j-7h4m

Vulnerability from github

var-201006-0016

Vulnerability from variot

Tags

Sightings

Nomenclature