CVE-2009-1160

high

Description

Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.

References

http://www.vupen.com/english/advisories/2009/0981

http://www.securitytracker.com/id?1022017

http://www.securityfocus.com/bid/34429

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml

http://secunia.com/advisories/34607

Details

Source: Mitre, NVD

Published: 2009-04-09

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00262