Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2009-0056

CVE information

Published

14 years ago

Last Modified

12 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Share

Description

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action..

CVSSv2.0 Score

Severity
Medium
Base Score
6.8/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
6.4/10
Confidentiality Impact
Partial
Availability Impact
Partial
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.5:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.3:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.3:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4.1:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.2:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5:*:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.4:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.1:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_postx:6.2.2.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.0.1:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.5:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.1:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_postx:6.2.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3:*:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_postx:6.2.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.6:*:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.6:*:*:*:
  Yes
- -
cpe:2.3:h:cisco:ironport_postx:6.2.2.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.2:*:*:*:
  Yes
- -

References