Cisco IOS Software Authentication Proxy Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software configured with Authentication Proxy for HTTP(S),
Web Authentication, or the consent feature contains a vulnerability
that may allow an unauthenticated session to bypass the authentication
proxy server or bypass the consent webpage.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.

See also :

http://www.nessus.org/u?ecc40a34
http://www.nessus.org/u?51a6d5db

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20090923-auth-proxy.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 49040 (cisco-sa-20090923-auth-proxyhttp.nasl)

Bugtraq ID: 36491

CVE ID: CVE-2009-2863