Cisco IOS Software Authentication Proxy Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software configured with Authentication Proxy for HTTP(S),
Web Authentication or the consent feature, contains a vulnerability
that may allow an unauthenticated session to bypass the authentication
proxy server or bypass the consent webpage.
Cisco has released free software updates that address this
There are no workarounds that mitigate this vulnerability.

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.3
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 49040 (cisco-sa-20090923-auth-proxyhttp.nasl)

Bugtraq ID: 36491

CVE ID: CVE-2009-2863

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now