CVE-2009-0637 : Detail

CVE-2009-0637

A01-Broken Access Control
1.14%V4
Network
2009-03-27
15h00 +00:00
2017-08-16
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-264 Category : Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Cisco>>Ios >> Version 12.2

Cisco>>Ios >> Version 12.2b

Cisco>>Ios >> Version 12.2bc

Cisco>>Ios >> Version 12.2bw

Cisco>>Ios >> Version 12.2bx

Cisco>>Ios >> Version 12.2by

Cisco>>Ios >> Version 12.2bz

Cisco>>Ios >> Version 12.2ca

Cisco>>Ios >> Version 12.2cx

Cisco>>Ios >> Version 12.2cy

Cisco>>Ios >> Version 12.2cz

Cisco>>Ios >> Version 12.2da

Cisco>>Ios >> Version 12.2dd

Cisco>>Ios >> Version 12.2dx

Cisco>>Ios >> Version 12.2ew

Cisco>>Ios >> Version 12.2ewa

Cisco>>Ios >> Version 12.2ex

Cisco>>Ios >> Version 12.2ey

Cisco>>Ios >> Version 12.2ez

Cisco>>Ios >> Version 12.2fx

Cisco>>Ios >> Version 12.2fy

Cisco>>Ios >> Version 12.2fz

Cisco>>Ios >> Version 12.2irb

Cisco>>Ios >> Version 12.2ixa

Cisco>>Ios >> Version 12.2ixb

Cisco>>Ios >> Version 12.2ixc

Cisco>>Ios >> Version 12.2ixd

Cisco>>Ios >> Version 12.2ixe

Cisco>>Ios >> Version 12.2ixf

Cisco>>Ios >> Version 12.2ixg

Cisco>>Ios >> Version 12.2ja

Cisco>>Ios >> Version 12.2jk

Cisco>>Ios >> Version 12.2l

Cisco>>Ios >> Version 12.2mb

Cisco>>Ios >> Version 12.2mc

Cisco>>Ios >> Version 12.2rc

Cisco>>Ios >> Version 12.2s

Cisco>>Ios >> Version 12.2sb

Cisco>>Ios >> Version 12.2sbc

Cisco>>Ios >> Version 12.2sca

Cisco>>Ios >> Version 12.2sga

Cisco>>Ios >> Version 12.2sm

Cisco>>Ios >> Version 12.2so

Cisco>>Ios >> Version 12.2sr

Cisco>>Ios >> Version 12.2sra

Cisco>>Ios >> Version 12.2srb

Cisco>>Ios >> Version 12.2src

Cisco>>Ios >> Version 12.2su

Cisco>>Ios >> Version 12.2sv

Cisco>>Ios >> Version 12.2sva

Cisco>>Ios >> Version 12.2svc

Cisco>>Ios >> Version 12.2svd

Cisco>>Ios >> Version 12.2sve

Cisco>>Ios >> Version 12.2sw

Cisco>>Ios >> Version 12.2sx

Cisco>>Ios >> Version 12.2sxa

Cisco>>Ios >> Version 12.2sxb

Cisco>>Ios >> Version 12.2sxd

Cisco>>Ios >> Version 12.2sxe

Cisco>>Ios >> Version 12.2sxf

Cisco>>Ios >> Version 12.2sy

Cisco>>Ios >> Version 12.2sz

Cisco>>Ios >> Version 12.2t

Cisco>>Ios >> Version 12.2tpc

Cisco>>Ios >> Version 12.2xa

Cisco>>Ios >> Version 12.2xb

Cisco>>Ios >> Version 12.2xc

Cisco>>Ios >> Version 12.2xd

Cisco>>Ios >> Version 12.2xe

Cisco>>Ios >> Version 12.2xf

Cisco>>Ios >> Version 12.2xg

Cisco>>Ios >> Version 12.2xh

Cisco>>Ios >> Version 12.2xi

Cisco>>Ios >> Version 12.2xj

Cisco>>Ios >> Version 12.2xk

Cisco>>Ios >> Version 12.2xl

Cisco>>Ios >> Version 12.2xm

Cisco>>Ios >> Version 12.2xn

Cisco>>Ios >> Version 12.2xo

Cisco>>Ios >> Version 12.2xq

Cisco>>Ios >> Version 12.2xr

Cisco>>Ios >> Version 12.2xs

Cisco>>Ios >> Version 12.2xt

Cisco>>Ios >> Version 12.2xu

Cisco>>Ios >> Version 12.2xv

Cisco>>Ios >> Version 12.2xw

Cisco>>Ios >> Version 12.2ya

Cisco>>Ios >> Version 12.2yb

Cisco>>Ios >> Version 12.2yc

Cisco>>Ios >> Version 12.2yd

Cisco>>Ios >> Version 12.2ye

Cisco>>Ios >> Version 12.2yf

Cisco>>Ios >> Version 12.2yg

Cisco>>Ios >> Version 12.2yh

Cisco>>Ios >> Version 12.2yj

Cisco>>Ios >> Version 12.2yk

Cisco>>Ios >> Version 12.2yl

Cisco>>Ios >> Version 12.2ym

Cisco>>Ios >> Version 12.2yn

Cisco>>Ios >> Version 12.2yo

Cisco>>Ios >> Version 12.2yp

Cisco>>Ios >> Version 12.2yq

Cisco>>Ios >> Version 12.2yr

Cisco>>Ios >> Version 12.2ys

Cisco>>Ios >> Version 12.2yt

Cisco>>Ios >> Version 12.2yu

Cisco>>Ios >> Version 12.2yv

Cisco>>Ios >> Version 12.2yw

Cisco>>Ios >> Version 12.2yx

Cisco>>Ios >> Version 12.2yy

Cisco>>Ios >> Version 12.2yz

Cisco>>Ios >> Version 12.2za

Cisco>>Ios >> Version 12.2zb

Cisco>>Ios >> Version 12.2zc

Cisco>>Ios >> Version 12.2zd

Cisco>>Ios >> Version 12.2ze

Cisco>>Ios >> Version 12.2zf

Cisco>>Ios >> Version 12.2zg

Cisco>>Ios >> Version 12.2zh

Cisco>>Ios >> Version 12.2zj

Cisco>>Ios >> Version 12.2zl

Cisco>>Ios >> Version 12.2zp

Cisco>>Ios >> Version 12.2zu

Cisco>>Ios >> Version 12.2zx

Cisco>>Ios >> Version 12.2zy

Cisco>>Ios >> Version 12.2zya

Cisco>>Ios >> Version 12.4

Cisco>>Ios >> Version 12.4\(1\)

Cisco>>Ios >> Version 12.4\(1b\)

Cisco>>Ios >> Version 12.4\(1c\)

Cisco>>Ios >> Version 12.4\(2\)mr

Cisco>>Ios >> Version 12.4\(2\)mr1

Cisco>>Ios >> Version 12.4\(2\)t

Cisco>>Ios >> Version 12.4\(2\)t1

Cisco>>Ios >> Version 12.4\(2\)t2

Cisco>>Ios >> Version 12.4\(2\)t3

Cisco>>Ios >> Version 12.4\(2\)t4

Cisco>>Ios >> Version 12.4\(2\)xa

Cisco>>Ios >> Version 12.4\(2\)xb

Cisco>>Ios >> Version 12.4\(2\)xb2

Cisco>>Ios >> Version 12.4\(3\)

Cisco>>Ios >> Version 12.4\(3\)t2

Cisco>>Ios >> Version 12.4\(3a\)

Cisco>>Ios >> Version 12.4\(3b\)

Cisco>>Ios >> Version 12.4\(3d\)

Cisco>>Ios >> Version 12.4\(4\)mr

Cisco>>Ios >> Version 12.4\(4\)t

Cisco>>Ios >> Version 12.4\(4\)t2

Cisco>>Ios >> Version 12.4\(5\)

Cisco>>Ios >> Version 12.4\(5b\)

Cisco>>Ios >> Version 12.4\(6\)t

Cisco>>Ios >> Version 12.4\(6\)t1

Cisco>>Ios >> Version 12.4\(7\)

Cisco>>Ios >> Version 12.4\(7a\)

Cisco>>Ios >> Version 12.4\(8\)

Cisco>>Ios >> Version 12.4\(9\)t

Cisco>>Ios >> Version 12.4\(23\)

Cisco>>Ios >> Version 12.4ja

Cisco>>Ios >> Version 12.4jda

Cisco>>Ios >> Version 12.4jk

Cisco>>Ios >> Version 12.4jl

Cisco>>Ios >> Version 12.4jma

Cisco>>Ios >> Version 12.4jmb

Cisco>>Ios >> Version 12.4jx

Cisco>>Ios >> Version 12.4md

Cisco>>Ios >> Version 12.4mr

Cisco>>Ios >> Version 12.4s

Cisco>>Ios >> Version 12.4sw

Cisco>>Ios >> Version 12.4t

Cisco>>Ios >> Version 12.4xa

Cisco>>Ios >> Version 12.4xb

Cisco>>Ios >> Version 12.4xc

Cisco>>Ios >> Version 12.4xd

Cisco>>Ios >> Version 12.4xe

Cisco>>Ios >> Version 12.4xf

Cisco>>Ios >> Version 12.4xg

Cisco>>Ios >> Version 12.4xj

Cisco>>Ios >> Version 12.4xk

Cisco>>Ios >> Version 12.4xl

Cisco>>Ios >> Version 12.4xm

Cisco>>Ios >> Version 12.4xn

Cisco>>Ios >> Version 12.4xp

Cisco>>Ios >> Version 12.4xt

Cisco>>Ios >> Version 12.4xv

Cisco>>Ios >> Version 12.4xw

Cisco>>Ios >> Version 12.4xy

Cisco>>Ios_xr >> Version 12.4

References

http://secunia.com/advisories/34438
Tags : third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1021899
Tags : vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/34247
Tags : vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2009/0851
Tags : vdb-entry, x_refsource_VUPEN
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.