CVE-2009-2862

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8119.shtml", "name": "20090923 Cisco IOS Software Object-group Access Control List Bypass Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18876", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18876", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/58338", "name": "58338", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://www.securitytracker.com/id?1022933", "name": "1022933", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2009/2759", "name": "ADV-2009-2759", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/36495", "name": "36495", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-2862", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-09-28T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xnd:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xnb:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.4md:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2xnc:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-06-02T17:23Z"}