CVE-2009-0056

CVE information

Published

13 years ago

Last Modified

11 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action..

CVSSv2.0 Score

Severity
Medium
Base Score
6.8/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
6.4/10
Confidentiality Impact
Partial
Availability Impact
Partial
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.5:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.3:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.3:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4.1:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.2:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5:*:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.4:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.1:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.1:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.2:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_postx:6.2.2.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.6:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3:*:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_postx:6.2.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:h:cisco:ironport_postx:6.2.2.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.5:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.6:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.0.1:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_postx:6.2.1:*:*:*:*:*:*:*
  Yes
- -

Get started for free to scan for vulnerabilities

Companies of all sizes use Mageni to scan their assets for vulnerabilities. Mageni is free for 7-days then $39 monthly regardless of how many IPs, scans, deployments or users you have. Cancel at Anytime and 7-days Money-Back Guarantee. Developed and supported by certified CompTIA PenTest+ professionals. Mageni contributes 1% of your subscription to removing CO₂ from the atmosphere.

Get Started For Free
App screenshot