CVE-2009-2865 — Vulnetix

CVE-2009-2865 PUBLISHED CVSS 7.599999904632568 HIGH

Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.

EPSS 3.65% · 88.1th percentile

Risk Scores

CVSS 2.0

7.599999904632568

EPSS Score

3.65%

88.1th percentile

Affected Products

Vendor	Product	Versions
cisco	unified_communications_manager_express
cisco	ios	12.4xw, 12.4xy, 12.4xz
n/a	n/a	n/a

Exploit Intelligence

36498 (circl)
ciscoios-cme-extension-bo(53448) (circl)
20090923 Cisco Unified Communications Manager Express Vulnerability (circl)
ADV-2009-2758 (circl)
http://tools.cisco.com/security/center/viewAlert.x?alertId=18884 (circl)
58335 (circl)
1022932 (circl)

Timeline

Sep 23, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 22, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score

References

36498 vdb
ciscoios-cme-extension-bo(53448) vdb
20090923 Cisco Unified Communications Manager Express Vulnerability vendor-advisory
ADV-2009-2758 vdb
http://tools.cisco.com/security/center/viewAlert.x?alertId=18884 url
58335 vdb
1022932 vdb
https://nvd.nist.gov/vuln/detail/CVE-2009-2865 advisory

Open in Interactive Console →