CVE-2009-2862

critical

Description

The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252.

References

http://www.vupen.com/english/advisories/2009/2759

http://www.securityfocus.com/bid/36495

http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8119.shtml

http://tools.cisco.com/security/center/viewAlert.x?alertId=18876

Details

Source: Mitre, NVD

Published: 2009-09-28

Updated: 2022-06-02

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical