cvelistv5 - CVE-2009-4919

CVE-2009-4919 (GCVE-0-2009-4919)

Vulnerability from cvelistv5 – Published: 2010-06-29 18:00 – Updated: 2024-09-16 20:46

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

http://www.cisco.com/en/US/docs/security/asa/asa8…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:24:52.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-29T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4919",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4919",
    "datePublished": "2010-06-29T18:00:00Z",
    "dateReserved": "2010-06-29T00:00:00Z",
    "dateUpdated": "2024-09-16T20:46:54.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1\\\\(1\\\\)\", \"matchCriteriaId\": \"73E464BF-EEFB-4D23-9F86-B41B4850223E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00faffer basado en pila en dispositivos Cisco Adaptive Security Appliances (ASA) de la serie 5580 con versiones de software anteriores a v8.1(2) permite a atacantes remotos provocar un impacto no especificado a trav\\u00e9s de atributos IKE largos, tambi\\u00e9n conocido como Bug ID CSCsu43121.\"}]",
      "id": "CVE-2009-4919",
      "lastModified": "2024-11-21T01:10:46.547",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-06-29T18:30:01.693",
      "references": "[{\"url\": \"http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4919\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-06-29T18:30:01.693\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00faffer basado en pila en dispositivos Cisco Adaptive Security Appliances (ASA) de la serie 5580 con versiones de software anteriores a v8.1(2) permite a atacantes remotos provocar un impacto no especificado a trav\u00e9s de atributos IKE largos, tambi\u00e9n conocido como Bug ID CSCsu43121.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1\\\\(1\\\\)\",\"matchCriteriaId\":\"73E464BF-EEFB-4D23-9F86-B41B4850223E\"}]}]}],\"references\":[{\"url\":\"http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}

FKIE_CVE-2009-4919

Vulnerability from fkie_nvd - Published: 2010-06-29 18:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html	Patch
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html	Patch

Impacted products

	Vendor	Product	Version
	cisco	asa_5580	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73E464BF-EEFB-4D23-9F86-B41B4850223E",
              "versionEndIncluding": "8.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00faffer basado en pila en dispositivos Cisco Adaptive Security Appliances (ASA) de la serie 5580 con versiones de software anteriores a v8.1(2) permite a atacantes remotos provocar un impacto no especificado a trav\u00e9s de atributos IKE largos, tambi\u00e9n conocido como Bug ID CSCsu43121."
    }
  ],
  "id": "CVE-2009-4919",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-29T18:30:01.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-AVI-292

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été trouvées dans Cisco ASA. Elles permettent de réaliser un déni de service à distance, de contourner la politique de sécurité ou de réaliser de l'injection de code indirecte.

Description

Plusieurs vulnérabilités sont présentes dans Cisco ASA. En particulier :

deux vulnérabilités permettent à une personne malveillante d'injecter du code dans les réponses HTTP émises par le serveur et ainsi de faire exécuter du code dans le navigateur Web de la victime ;
les gestions incorrectes des protocoles IPv6 et SSL permettent à un utilisateur malveillant de contourner la politique de sécurité ;
un problème de traitement des certificats X.509 permet à un utilisateur malveillant d'épuiser la mémoire de l'équipement ;
une vulnérabilité non précisée ainsi qu'un trafic SIP important permettent à un utilisateur malveillant distant de provoquer le redémarrage de l'équipement ;
DTLS, IPsec L2L, les VPN SSL et des paquets TCP malformés sont utilisables par un attaquant pour provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco ASA versions 8.1(1) et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Notes de version Cisco ASA version 8.1(2)

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCisco ASA versions 8.1(1) et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Cisco ASA. En particulier\u00a0:\n\n-   deux vuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malveillante\n    d\u0027injecter du code dans les r\u00e9ponses HTTP \u00e9mises par le serveur et\n    ainsi de faire ex\u00e9cuter du code dans le navigateur Web de la\n    victime\u00a0;\n-   les gestions incorrectes des protocoles IPv6 et SSL permettent \u00e0 un\n    utilisateur malveillant de contourner la politique de s\u00e9curit\u00e9\u00a0;\n-   un probl\u00e8me de traitement des certificats X.509 permet \u00e0 un\n    utilisateur malveillant d\u0027\u00e9puiser la m\u00e9moire de l\u0027\u00e9quipement\u00a0;\n-   une vuln\u00e9rabilit\u00e9 non pr\u00e9cis\u00e9e ainsi qu\u0027un trafic SIP important\n    permettent \u00e0 un utilisateur malveillant distant de provoquer le\n    red\u00e9marrage de l\u0027\u00e9quipement\u00a0;\n-   DTLS, IPsec L2L, les VPN SSL et des paquets TCP malform\u00e9s sont\n    utilisables par un attaquant pour provoquer un d\u00e9ni de service \u00e0\n    distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-4921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4921"
    },
    {
      "name": "CVE-2009-4917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4917"
    },
    {
      "name": "CVE-2009-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4911"
    },
    {
      "name": "CVE-2009-4919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4919"
    },
    {
      "name": "CVE-2009-4912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4912"
    },
    {
      "name": "CVE-2009-4920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4920"
    },
    {
      "name": "CVE-2009-4916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4916"
    },
    {
      "name": "CVE-2009-4914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4914"
    },
    {
      "name": "CVE-2008-7257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7257"
    },
    {
      "name": "CVE-2009-4918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4918"
    },
    {
      "name": "CVE-2009-4923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4923"
    },
    {
      "name": "CVE-2009-4915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4915"
    },
    {
      "name": "CVE-2009-4910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4910"
    },
    {
      "name": "CVE-2009-4922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4922"
    },
    {
      "name": "CVE-2009-4913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4913"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-292",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-28T00:00:00.000000"
    },
    {
      "description": "ajout de vuln\u00e9rabilit\u00e9s et de 14 r\u00e9f\u00e9rences CVE.",
      "revision_date": "2010-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 trouv\u00e9es dans Cisco ASA. Elles\npermettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance, de contourner la\npolitique de s\u00e9curit\u00e9 ou de r\u00e9aliser de l\u0027injection de code indirecte.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Cisco ASA",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de version Cisco ASA version 8.1(2)",
      "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
    }
  ]
}

CERTA-2010-AVI-292

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités sont présentes dans Cisco ASA. En particulier :

deux vulnérabilités permettent à une personne malveillante d'injecter du code dans les réponses HTTP émises par le serveur et ainsi de faire exécuter du code dans le navigateur Web de la victime ;
les gestions incorrectes des protocoles IPv6 et SSL permettent à un utilisateur malveillant de contourner la politique de sécurité ;
un problème de traitement des certificats X.509 permet à un utilisateur malveillant d'épuiser la mémoire de l'équipement ;
une vulnérabilité non précisée ainsi qu'un trafic SIP important permettent à un utilisateur malveillant distant de provoquer le redémarrage de l'équipement ;
DTLS, IPsec L2L, les VPN SSL et des paquets TCP malformés sont utilisables par un attaquant pour provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco ASA versions 8.1(1) et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Notes de version Cisco ASA version 8.1(2)

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCisco ASA versions 8.1(1) et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Cisco ASA. En particulier\u00a0:\n\n-   deux vuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malveillante\n    d\u0027injecter du code dans les r\u00e9ponses HTTP \u00e9mises par le serveur et\n    ainsi de faire ex\u00e9cuter du code dans le navigateur Web de la\n    victime\u00a0;\n-   les gestions incorrectes des protocoles IPv6 et SSL permettent \u00e0 un\n    utilisateur malveillant de contourner la politique de s\u00e9curit\u00e9\u00a0;\n-   un probl\u00e8me de traitement des certificats X.509 permet \u00e0 un\n    utilisateur malveillant d\u0027\u00e9puiser la m\u00e9moire de l\u0027\u00e9quipement\u00a0;\n-   une vuln\u00e9rabilit\u00e9 non pr\u00e9cis\u00e9e ainsi qu\u0027un trafic SIP important\n    permettent \u00e0 un utilisateur malveillant distant de provoquer le\n    red\u00e9marrage de l\u0027\u00e9quipement\u00a0;\n-   DTLS, IPsec L2L, les VPN SSL et des paquets TCP malform\u00e9s sont\n    utilisables par un attaquant pour provoquer un d\u00e9ni de service \u00e0\n    distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-4921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4921"
    },
    {
      "name": "CVE-2009-4917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4917"
    },
    {
      "name": "CVE-2009-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4911"
    },
    {
      "name": "CVE-2009-4919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4919"
    },
    {
      "name": "CVE-2009-4912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4912"
    },
    {
      "name": "CVE-2009-4920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4920"
    },
    {
      "name": "CVE-2009-4916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4916"
    },
    {
      "name": "CVE-2009-4914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4914"
    },
    {
      "name": "CVE-2008-7257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7257"
    },
    {
      "name": "CVE-2009-4918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4918"
    },
    {
      "name": "CVE-2009-4923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4923"
    },
    {
      "name": "CVE-2009-4915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4915"
    },
    {
      "name": "CVE-2009-4910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4910"
    },
    {
      "name": "CVE-2009-4922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4922"
    },
    {
      "name": "CVE-2009-4913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4913"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-292",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-28T00:00:00.000000"
    },
    {
      "description": "ajout de vuln\u00e9rabilit\u00e9s et de 14 r\u00e9f\u00e9rences CVE.",
      "revision_date": "2010-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 trouv\u00e9es dans Cisco ASA. Elles\npermettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance, de contourner la\npolitique de s\u00e9curit\u00e9 ou de r\u00e9aliser de l\u0027injection de code indirecte.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Cisco ASA",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de version Cisco ASA version 8.1(2)",
      "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
    }
  ]
}

VAR-201006-0023

Vulnerability from variot - Updated: 2023-12-18 12:22

Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201006-0023",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asa 5580",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.1\\(1\\)"
      },
      {
        "model": "asa 5580",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.1(2)"
      },
      {
        "model": "asa 5580",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "8.1\\(1\\)"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55808.1(1)"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55808.1"
      },
      {
        "model": "asa series adaptive security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55808.1(2)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1\\(1\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4919"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "41412"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2009-4919",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-4919",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-42365",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-4919",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201006-465",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-42365",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42365"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. \nExploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42365"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-4919",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-465",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "41412",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-42365",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42365"
      },
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ]
  },
  "id": "VAR-201006-0023",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42365"
      }
    ],
    "trust": 0.7311873
  },
  "last_update_date": "2023-12-18T12:22:34.775000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco ASA 5580 Release Notes Version 8.1(2)",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42365"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4919"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4919"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4919"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42365"
      },
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-42365"
      },
      {
        "db": "BID",
        "id": "41412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-06-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42365"
      },
      {
        "date": "2009-04-06T00:00:00",
        "db": "BID",
        "id": "41412"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "date": "2010-06-29T18:30:01.693000",
        "db": "NVD",
        "id": "CVE-2009-4919"
      },
      {
        "date": "2010-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42365"
      },
      {
        "date": "2009-04-06T00:00:00",
        "db": "BID",
        "id": "41412"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      },
      {
        "date": "2010-06-30T04:00:00",
        "db": "NVD",
        "id": "CVE-2009-4919"
      },
      {
        "date": "2010-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASA 5580 Series buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004012"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-465"
      }
    ],
    "trust": 0.6
  }
}

GHSA-6HQC-C4RR-FJ7Q

Vulnerability from github – Published: 2022-05-02 03:59 – Updated: 2022-05-02 03:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-06-29T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.",
  "id": "GHSA-6hqc-c4rr-fj7q",
  "modified": "2022-05-02T03:59:33Z",
  "published": "2022-05-02T03:59:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4919"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-4919

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-4919

Aliases

CVE-2009-4919

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4919",
    "description": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.",
    "id": "GSD-2009-4919"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4919"
      ],
      "details": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.",
      "id": "GSD-2009-4919",
      "modified": "2023-12-13T01:19:45.609644Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4919",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
            "refsource": "CONFIRM",
            "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5580:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1\\(1\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4919"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2010-06-30T04:00Z",
      "publishedDate": "2010-06-29T18:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-4919 (GCVE-0-2009-4919)

FKIE_CVE-2009-4919

CERTA-2010-AVI-292

Description

Solution

CERTA-2010-AVI-292

Description

Solution

VAR-201006-0023

GHSA-6HQC-C4RR-FJ7Q

GSD-2009-4919

Tags

Sightings

Nomenclature