Details of VAR-200902-0035

ID

VAR-200902-0035

CVE

CVE-2009-0471

TITLE

Cisco IOS of HTTP Server cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-001355

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. IOS is prone to a cross-site request forgery vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. ---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Cisco IOS Cross-Site Scripting and Cross-Site Request Forgery SECUNIA ADVISORY ID: SA33844 VERIFY ADVISORY: http://secunia.com/advisories/33844/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/advisories/product/182/ Cisco IOS R12.x http://secunia.com/advisories/product/50/ DESCRIPTION: Zloss has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the URL when executing commands is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The device allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to potentially alter the configuration of the device by tricking the user into visiting a malicious web site. The vulnerabilities are reported in Cisco IOS firmware version 12.4(23). Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. Do not visit untrusted websites while being logged in to the device. PROVIDED AND/OR DISCOVERED BY: Zloss ORIGINAL ADVISORY: http://packetstormsecurity.org/0902-exploits/cisco12423-xss.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-0471 // JVNDB: JVNDB-2009-001355 // BID: 79584 // VULHUB: VHN-37917 // PACKETSTORM: 74762

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.4\(23\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.4(23)	Trust: 0.3

sources: BID: 79584 // JVNDB: JVNDB-2009-001355 // CNNVD: CNNVD-200902-138 // NVD: CVE-2009-0471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0471
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-0471
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200902-138
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-37917
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-0471
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-37917
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-37917 // JVNDB: JVNDB-2009-001355 // CNNVD: CNNVD-200902-138 // NVD: CVE-2009-0471

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-37917 // JVNDB: JVNDB-2009-001355 // NVD: CVE-2009-0471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-138

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-200902-138

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001355

PATCH

title:

TOP PAGE

url:

http://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001355

EXTERNAL IDS

db:	NVD	id:	CVE-2009-0471	Trust: 2.8
db:	SECUNIA	id:	33844	Trust: 1.8
db:	JVNDB	id:	JVNDB-2009-001355	Trust: 0.8
db:	BUGTRAQ	id:	20090204 CISCO IOS XSS/CSRF VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200902-138	Trust: 0.6
db:	BID	id:	79584	Trust: 0.4
db:	VULHUB	id:	VHN-37917	Trust: 0.1
db:	PACKETSTORM	id:	74762	Trust: 0.1

sources: VULHUB: VHN-37917 // BID: 79584 // JVNDB: JVNDB-2009-001355 // PACKETSTORM: 74762 // CNNVD: CNNVD-200902-138 // NVD: CVE-2009-0471

REFERENCES

url:	http://secunia.com/advisories/33844	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/500674/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/500674/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0471	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0471	Trust: 0.8
url:	http://secunia.com/advisories/33844/	Trust: 0.1
url:	http://secunia.com/advisories/product/50/	Trust: 0.1
url:	http://secunia.com/advisories/product/182/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://packetstormsecurity.org/0902-exploits/cisco12423-xss.txt	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-37917 // BID: 79584 // JVNDB: JVNDB-2009-001355 // PACKETSTORM: 74762 // CNNVD: CNNVD-200902-138 // NVD: CVE-2009-0471

CREDITS

Unknown

Trust: 0.3

sources: BID: 79584

SOURCES

db:	VULHUB	id:	VHN-37917
db:	BID	id:	79584
db:	JVNDB	id:	JVNDB-2009-001355
db:	PACKETSTORM	id:	74762
db:	CNNVD	id:	CNNVD-200902-138
db:	NVD	id:	CVE-2009-0471

LAST UPDATE DATE

2025-04-10T23:05:16.222000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-37917	date:	2018-10-11T00:00:00
db:	BID	id:	79584	date:	2009-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-001355	date:	2009-06-30T00:00:00
db:	CNNVD	id:	CNNVD-200902-138	date:	2009-02-12T00:00:00
db:	NVD	id:	CVE-2009-0471	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-37917	date:	2009-02-06T00:00:00
db:	BID	id:	79584	date:	2009-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-001355	date:	2009-06-30T00:00:00
db:	PACKETSTORM	id:	74762	date:	2009-02-09T08:44:26
db:	CNNVD	id:	CNNVD-200902-138	date:	2009-02-06T00:00:00
db:	NVD	id:	CVE-2009-0471	date:	2009-02-06T19:30:00.547