ID

VAR-200902-0034


CVE

CVE-2009-0470


TITLE

Multiple cross-site scripting vulnerabilities in the HTTP server of Cisco IOS

Trust: 0.8

sources: JVNDB: JVNDB-2009-001356

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. IOS is prone to a cross-site scripting vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment.

This type of attack may result in replacing the target's management interface, or redirecting confidential information to an unauthorized third party; for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. In addition, attackers can also perform administrative operations through cross-site request forgery attacks. For example, injecting an img tag pointing to /level/15/configure/-/enable/secret/newpass will change the enable password to newpass.

TITLE: Cisco IOS Cross-Site Scripting and Cross-Site Request Forgery

SECUNIA ADVISORY ID: SA33844

VERIFY ADVISORY: http://secunia.com/advisories/33844/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE: From remote

OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/advisories/product/182/ Cisco IOS R12.x http://secunia.com/advisories/product/50/

DESCRIPTION: Zloss has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

1) Input passed via the URL when executing commands is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) The device allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to potentially alter the configuration of the device by tricking the user into visiting a malicious web site.

The vulnerabilities are reported in Cisco IOS firmware version 12.4(23). Other versions may also be affected.

SOLUTION: Filter malicious characters and character sequences in a proxy. Do not visit untrusted websites while being logged in to the device.

PROVIDED AND/OR DISCOVERED BY: Zloss

ORIGINAL ADVISORY: http://packetstormsecurity.org/0902-exploits/cisco12423-xss.txt

Trust: 2.07

sources: NVD: CVE-2009-0470 // JVNDB: JVNDB-2009-001356 // BID: 80637 // VULHUB: VHN-37916 // PACKETSTORM: 74762

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 12.4\(23\)

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.4

Trust: 0.8

vendor: cisco, model: ios, scope: eq, version: 12.4(23)

Trust: 0.3

sources: BID: 80637 // JVNDB: JVNDB-2009-001356 // CNNVD: CNNVD-200902-137 // NVD: CVE-2009-0470

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0470
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-0470
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200902-137
value: MEDIUM

Trust: 0.6

VULHUB: VHN-37916
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-0470
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-37916
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-37916 // JVNDB: JVNDB-2009-001356 // CNNVD: CNNVD-200902-137 // NVD: CVE-2009-0470

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-37916 // JVNDB: JVNDB-2009-001356 // NVD: CVE-2009-0470

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-137

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200902-137

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001356

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-37916

PATCH

title: Top Page, url: http://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001356

EXTERNAL IDS

db: NVD, id: CVE-2009-0470

Trust: 2.8

db: BID, id: 33625

Trust: 2.0

db: SECUNIA, id: 33844

Trust: 1.8

db: JVNDB, id: JVNDB-2009-001356

Trust: 0.8

db: CNNVD, id: CNNVD-200902-137

Trust: 0.7

db: BUGTRAQ, id: 20090204 CISCO IOS XSS/CSRF VULNERABILITY

Trust: 0.6

db: BID, id: 80637

Trust: 0.4

db: SEEBUG, id: SSVID-86049

Trust: 0.1

db: EXPLOIT-DB, id: 32776

Trust: 0.1

db: VULHUB, id: VHN-37916

Trust: 0.1

db: PACKETSTORM, id: 74762

Trust: 0.1

sources: VULHUB: VHN-37916 // BID: 80637 // JVNDB: JVNDB-2009-001356 // PACKETSTORM: 74762 // CNNVD: CNNVD-200902-137 // NVD: CVE-2009-0470

REFERENCES

url:http://www.securityfocus.com/bid/33625

Trust: 2.0

url:http://secunia.com/advisories/33844

Trust: 1.7

url:http://www.securityfocus.com/archive/1/500674/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/500674/100/0/threaded

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0470

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0470

Trust: 0.8

url:http://secunia.com/advisories/33844/

Trust: 0.1

url:http://secunia.com/advisories/product/50/

Trust: 0.1

url:http://secunia.com/advisories/product/182/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://packetstormsecurity.org/0902-exploits/cisco12423-xss.txt

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-37916 // BID: 80637 // JVNDB: JVNDB-2009-001356 // PACKETSTORM: 74762 // CNNVD: CNNVD-200902-137 // NVD: CVE-2009-0470

CREDITS

Adrian Pastor※ m123303@richmond.ac.uk

Trust: 0.6

sources: CNNVD: CNNVD-200902-137

SOURCES

db: VULHUB, id: VHN-37916
db: BID, id: 80637
db: JVNDB, id: JVNDB-2009-001356
db: PACKETSTORM, id: 74762
db: CNNVD, id: CNNVD-200902-137
db: NVD, id: CVE-2009-0470

LAST UPDATE DATE

2025-04-10T23:05:16.256000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-37916, date: 2018-10-11T00:00:00
db: BID, id: 80637, date: 2009-02-06T00:00:00
db: JVNDB, id: JVNDB-2009-001356, date: 2009-06-30T00:00:00
db: CNNVD, id: CNNVD-200902-137, date: 2009-02-12T00:00:00
db: NVD, id: CVE-2009-0470, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-37916, date: 2009-02-06T00:00:00
db: BID, id: 80637, date: 2009-02-06T00:00:00
db: JVNDB, id: JVNDB-2009-001356, date: 2009-06-30T00:00:00
db: PACKETSTORM, id: 74762, date: 2009-02-09T08:44:26
db: CNNVD, id: CNNVD-200902-137, date: 2009-01-14T00:00:00
db: NVD, id: CVE-2009-0470, date: 2009-02-06T19:30:00.530