CVE-2009-2863
Cisco IOS 12.0-12.4 - Unauthenticated Authentication Bypass via Firewall Authentication Proxy Race Condition
Title source: llmDescription
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36491
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022935
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53453
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=18882
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/58340
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.shtml
Scores
EPSS
0.0247
EPSS Percentile
82.5%
Details
CWE
CWE-287
Status
published
Products (50)
cisco/ios
12.0xk
cisco/ios
12.0xr
cisco/ios
12.1
cisco/ios
12.1e
cisco/ios
12.1ex
cisco/ios
12.1t
cisco/ios
12.1xc
cisco/ios
12.1xh
cisco/ios
12.1xi
cisco/ios
12.1xj
... and 40 more
Published
Sep 28, 2009
Tracked Since
Feb 18, 2026