Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0056

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-0056
Last Modified 07 Mar 2011 10:17:50
Published 16 Jan 2009 04:30:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0056

Summary

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.

Vulnerable Systems


References

VUPEN - ADV-2009-0140

BID - 33268

CISCO - 20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities

SECTRACK - 1021594

SECUNIA - 33479

OSVDB - 51398


Last Updated: 27 May 2016 10:50:06