CVE-2009-2863

CVE Descriptions

Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-287	Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	7.1		AV:N/AC:M/Au:N/C:C/I:N/A:N	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.32%	–	–
2022-02-27	–	–	1.32%	–	–
2022-04-03	–	–	1.32%	–	–
2022-05-15	–	–	1.32%	–	–
2022-09-18	–	–	1.32%	–	–
2023-03-12	–	–	–	0.45%	–
2023-04-09	–	–	–	0.31%	–
2023-09-17	–	–	–	0.31%	–
2024-02-11	–	–	–	0.31%	–
2024-03-03	–	–	–	0.31%	–
2024-06-02	–	–	–	0.31%	–
2024-07-21	–	–	–	0.31%	–
2024-08-04	–	–	–	0.31%	–
2024-08-11	–	–	–	0.31%	–
2024-12-22	–	–	–	0.31%	–
2025-01-19	–	–	–	0.31%	–
2025-03-18	–	–	–	–	0.41%
2025-03-30	–	–	–	–	0.41%
2025-04-15	–	–	–	–	0.41%
2025-04-15	–	–	–	–	0.41,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	45%
2022-02-27	46%
2022-04-03	69%
2022-05-15	7%
2022-09-18	71%
2023-03-12	71%
2023-04-09	66%
2023-09-17	67%
2024-02-11	69%
2024-03-03	7%
2024-06-02	7%
2024-07-21	71%
2024-08-04	7%
2024-08-11	71%
2024-12-22	7%
2025-01-19	7%
2025-03-18	59%
2025-03-30	58%
2025-04-15	6%
2025-04-15	6%

Products Mentioned

Configuraton 0

Cisco>>Ios >> Version 12.0xk

Cisco>>Ios >> Version 12.0xk (Open CPE detail)

Cisco>>Ios >> Version 12.0xr

Cisco>>Ios >> Version 12.0xr (Open CPE detail)

Cisco>>Ios >> Version 12.1

Cisco>>Ios >> Version 12.1 (Open CPE detail)

Cisco>>Ios >> Version 12.1e

Cisco>>Ios >> Version 12.1e (Open CPE detail)

Cisco>>Ios >> Version 12.1ex

Cisco>>Ios >> Version 12.1ex (Open CPE detail)

Cisco>>Ios >> Version 12.1t

Cisco>>Ios >> Version 12.1t (Open CPE detail)

Cisco>>Ios >> Version 12.1xc

Cisco>>Ios >> Version 12.1xc (Open CPE detail)

Cisco>>Ios >> Version 12.1xh

Cisco>>Ios >> Version 12.1xh (Open CPE detail)

Cisco>>Ios >> Version 12.1xi

Cisco>>Ios >> Version 12.1xi (Open CPE detail)

Cisco>>Ios >> Version 12.1xj

Cisco>>Ios >> Version 12.1xj (Open CPE detail)

Cisco>>Ios >> Version 12.1xm

Cisco>>Ios >> Version 12.1xm (Open CPE detail)

Cisco>>Ios >> Version 12.1xp

Cisco>>Ios >> Version 12.1xp (Open CPE detail)

Cisco>>Ios >> Version 12.1xr

Cisco>>Ios >> Version 12.1xr (Open CPE detail)

Cisco>>Ios >> Version 12.1yb

Cisco>>Ios >> Version 12.1yb (Open CPE detail)

Cisco>>Ios >> Version 12.1yd

Cisco>>Ios >> Version 12.1yd (Open CPE detail)

Cisco>>Ios >> Version 12.1yf

Cisco>>Ios >> Version 12.1yf (Open CPE detail)

Cisco>>Ios >> Version 12.1yi

Cisco>>Ios >> Version 12.1yi (Open CPE detail)

Cisco>>Ios >> Version 12.2

Cisco>>Ios >> Version 12.2 (Open CPE detail)

Cisco>>Ios >> Version 12.2b

Cisco>>Ios >> Version 12.2b (Open CPE detail)

Cisco>>Ios >> Version 12.2bw

Cisco>>Ios >> Version 12.2bw (Open CPE detail)

Cisco>>Ios >> Version 12.2cz

Cisco>>Ios >> Version 12.2cz (Open CPE detail)

Cisco>>Ios >> Version 12.2dd

Cisco>>Ios >> Version 12.2dd (Open CPE detail)

Cisco>>Ios >> Version 12.2ex

Cisco>>Ios >> Version 12.2ex (Open CPE detail)

Cisco>>Ios >> Version 12.2ey

Cisco>>Ios >> Version 12.2ey (Open CPE detail)

Cisco>>Ios >> Version 12.2fz

Cisco>>Ios >> Version 12.2fz (Open CPE detail)

Cisco>>Ios >> Version 12.2ira

Cisco>>Ios >> Version 12.2ira (Open CPE detail)

Cisco>>Ios >> Version 12.2irb

Cisco>>Ios >> Version 12.2irb (Open CPE detail)

Cisco>>Ios >> Version 12.2irc

Cisco>>Ios >> Version 12.2irc (Open CPE detail)

Cisco>>Ios >> Version 12.2ixa

Cisco>>Ios >> Version 12.2ixa (Open CPE detail)

Cisco>>Ios >> Version 12.2ixb

Cisco>>Ios >> Version 12.2ixb (Open CPE detail)

Cisco>>Ios >> Version 12.2ixc

Cisco>>Ios >> Version 12.2ixc (Open CPE detail)

Cisco>>Ios >> Version 12.2ixd

Cisco>>Ios >> Version 12.2ixd (Open CPE detail)

Cisco>>Ios >> Version 12.2ixe

Cisco>>Ios >> Version 12.2ixe (Open CPE detail)

Cisco>>Ios >> Version 12.2ixf

Cisco>>Ios >> Version 12.2ixf (Open CPE detail)

Cisco>>Ios >> Version 12.2ixg

Cisco>>Ios >> Version 12.2ixg (Open CPE detail)

Cisco>>Ios >> Version 12.2s

Cisco>>Ios >> Version 12.2s (Open CPE detail)

Cisco>>Ios >> Version 12.2sbc

Cisco>>Ios >> Version 12.2sbc (Open CPE detail)

Cisco>>Ios >> Version 12.2se

Cisco>>Ios >> Version 12.2se (Open CPE detail)

Cisco>>Ios >> Version 12.2sec

Cisco>>Ios >> Version 12.2sec (Open CPE detail)

Cisco>>Ios >> Version 12.2sed

Cisco>>Ios >> Version 12.2sed (Open CPE detail)

Cisco>>Ios >> Version 12.2see

Cisco>>Ios >> Version 12.2see (Open CPE detail)

Cisco>>Ios >> Version 12.2sef

Cisco>>Ios >> Version 12.2sef (Open CPE detail)

Cisco>>Ios >> Version 12.2seg

Cisco>>Ios >> Version 12.2seg (Open CPE detail)

Cisco>>Ios >> Version 12.2sg

Cisco>>Ios >> Version 12.2sg (Open CPE detail)

Cisco>>Ios >> Version 12.2sga

Cisco>>Ios >> Version 12.2sga (Open CPE detail)

Cisco>>Ios >> Version 12.2sq

Cisco>>Ios >> Version 12.2sq (Open CPE detail)

Cisco>>Ios >> Version 12.2sra

Cisco>>Ios >> Version 12.2sra (Open CPE detail)

Cisco>>Ios >> Version 12.2srb

Cisco>>Ios >> Version 12.2srb (Open CPE detail)

Cisco>>Ios >> Version 12.2src

Cisco>>Ios >> Version 12.2src (Open CPE detail)

Cisco>>Ios >> Version 12.2su

Cisco>>Ios >> Version 12.2su (Open CPE detail)

Cisco>>Ios >> Version 12.2sx

Cisco>>Ios >> Version 12.2sx (Open CPE detail)

Cisco>>Ios >> Version 12.2sxa

Cisco>>Ios >> Version 12.2sxa (Open CPE detail)

Cisco>>Ios >> Version 12.2sxb

Cisco>>Ios >> Version 12.2sxb (Open CPE detail)

Cisco>>Ios >> Version 12.2sxd

Cisco>>Ios >> Version 12.2sxd (Open CPE detail)

Cisco>>Ios >> Version 12.2sxe

Cisco>>Ios >> Version 12.2sxe (Open CPE detail)

Cisco>>Ios >> Version 12.2sxf

Cisco>>Ios >> Version 12.2sxf (Open CPE detail)

Cisco>>Ios >> Version 12.2sxh

Cisco>>Ios >> Version 12.2sxh (Open CPE detail)

Cisco>>Ios >> Version 12.2sxi

Cisco>>Ios >> Version 12.2sxi (Open CPE detail)

Cisco>>Ios >> Version 12.2t

Cisco>>Ios >> Version 12.2t (Open CPE detail)

Cisco>>Ios >> Version 12.2tpc

Cisco>>Ios >> Version 12.2tpc (Open CPE detail)

Cisco>>Ios >> Version 12.2xa

Cisco>>Ios >> Version 12.2xa (Open CPE detail)

Cisco>>Ios >> Version 12.2xb

Cisco>>Ios >> Version 12.2xb (Open CPE detail)

Cisco>>Ios >> Version 12.2xd

Cisco>>Ios >> Version 12.2xd (Open CPE detail)

Cisco>>Ios >> Version 12.2xe

Cisco>>Ios >> Version 12.2xe (Open CPE detail)

Cisco>>Ios >> Version 12.2xg

Cisco>>Ios >> Version 12.2xg (Open CPE detail)

Cisco>>Ios >> Version 12.2xj

Cisco>>Ios >> Version 12.2xj (Open CPE detail)

Cisco>>Ios >> Version 12.2xk

Cisco>>Ios >> Version 12.2xk (Open CPE detail)

Cisco>>Ios >> Version 12.2xl

Cisco>>Ios >> Version 12.2xl (Open CPE detail)

Cisco>>Ios >> Version 12.2xm

Cisco>>Ios >> Version 12.2xm (Open CPE detail)

Cisco>>Ios >> Version 12.2xo

Cisco>>Ios >> Version 12.2xo (Open CPE detail)

Cisco>>Ios >> Version 12.2xq

Cisco>>Ios >> Version 12.2xq (Open CPE detail)

Cisco>>Ios >> Version 12.2xt

Cisco>>Ios >> Version 12.2xt (Open CPE detail)

Cisco>>Ios >> Version 12.2xv

Cisco>>Ios >> Version 12.2xv (Open CPE detail)

Cisco>>Ios >> Version 12.2xw

Cisco>>Ios >> Version 12.2xw (Open CPE detail)

Cisco>>Ios >> Version 12.2ya

Cisco>>Ios >> Version 12.2ya (Open CPE detail)

Cisco>>Ios >> Version 12.2yb

Cisco>>Ios >> Version 12.2yb (Open CPE detail)

Cisco>>Ios >> Version 12.2yc

Cisco>>Ios >> Version 12.2yc (Open CPE detail)

Cisco>>Ios >> Version 12.2ye

Cisco>>Ios >> Version 12.2ye (Open CPE detail)

Cisco>>Ios >> Version 12.2yf

Cisco>>Ios >> Version 12.2yf (Open CPE detail)

Cisco>>Ios >> Version 12.2yh

Cisco>>Ios >> Version 12.2yh (Open CPE detail)

Cisco>>Ios >> Version 12.2yl

Cisco>>Ios >> Version 12.2yl (Open CPE detail)

Cisco>>Ios >> Version 12.2ym

Cisco>>Ios >> Version 12.2ym (Open CPE detail)

Cisco>>Ios >> Version 12.2yn

Cisco>>Ios >> Version 12.2yn (Open CPE detail)

Cisco>>Ios >> Version 12.2yq

Cisco>>Ios >> Version 12.2yq (Open CPE detail)

Cisco>>Ios >> Version 12.2yu

Cisco>>Ios >> Version 12.2yu (Open CPE detail)

Cisco>>Ios >> Version 12.2yv

Cisco>>Ios >> Version 12.2yv (Open CPE detail)

Cisco>>Ios >> Version 12.2yx

Cisco>>Ios >> Version 12.2yx (Open CPE detail)

Cisco>>Ios >> Version 12.2yz

Cisco>>Ios >> Version 12.2yz (Open CPE detail)

Cisco>>Ios >> Version 12.2zd

Cisco>>Ios >> Version 12.2zd (Open CPE detail)

Cisco>>Ios >> Version 12.2zh

Cisco>>Ios >> Version 12.2zh (Open CPE detail)

Cisco>>Ios >> Version 12.2zj

Cisco>>Ios >> Version 12.2zj (Open CPE detail)

Cisco>>Ios >> Version 12.2zl

Cisco>>Ios >> Version 12.2zl (Open CPE detail)

Cisco>>Ios >> Version 12.2zy

Cisco>>Ios >> Version 12.2zy (Open CPE detail)

Cisco>>Ios >> Version 12.2zya

Cisco>>Ios >> Version 12.2zya (Open CPE detail)

Cisco>>Ios >> Version 12.3

Cisco>>Ios >> Version 12.3 (Open CPE detail)

Cisco>>Ios >> Version 12.3b

Cisco>>Ios >> Version 12.3b (Open CPE detail)

Cisco>>Ios >> Version 12.3jk

Cisco>>Ios >> Version 12.3jk (Open CPE detail)

Cisco>>Ios >> Version 12.3t

Cisco>>Ios >> Version 12.3t (Open CPE detail)

Cisco>>Ios >> Version 12.3tpc

Cisco>>Ios >> Version 12.3tpc (Open CPE detail)

Cisco>>Ios >> Version 12.3va

Cisco>>Ios >> Version 12.3va (Open CPE detail)

Cisco>>Ios >> Version 12.3xa

Cisco>>Ios >> Version 12.3xa (Open CPE detail)

Cisco>>Ios >> Version 12.3xc

Cisco>>Ios >> Version 12.3xc (Open CPE detail)

Cisco>>Ios >> Version 12.3xd

Cisco>>Ios >> Version 12.3xd (Open CPE detail)

Cisco>>Ios >> Version 12.3xe

Cisco>>Ios >> Version 12.3xe (Open CPE detail)

Cisco>>Ios >> Version 12.3xf

Cisco>>Ios >> Version 12.3xf (Open CPE detail)

Cisco>>Ios >> Version 12.3xg

Cisco>>Ios >> Version 12.3xg (Open CPE detail)

Cisco>>Ios >> Version 12.3xk

Cisco>>Ios >> Version 12.3xk (Open CPE detail)

Cisco>>Ios >> Version 12.3xl

Cisco>>Ios >> Version 12.3xl (Open CPE detail)

Cisco>>Ios >> Version 12.3xq

Cisco>>Ios >> Version 12.3xq (Open CPE detail)

Cisco>>Ios >> Version 12.3xr

Cisco>>Ios >> Version 12.3xr (Open CPE detail)

Cisco>>Ios >> Version 12.3xx

Cisco>>Ios >> Version 12.3xx (Open CPE detail)

Cisco>>Ios >> Version 12.3ya

Cisco>>Ios >> Version 12.3ya (Open CPE detail)

Cisco>>Ios >> Version 12.3yd

Cisco>>Ios >> Version 12.3yd (Open CPE detail)

Cisco>>Ios >> Version 12.3yg

Cisco>>Ios >> Version 12.3yg (Open CPE detail)

Cisco>>Ios >> Version 12.3yh

Cisco>>Ios >> Version 12.3yh (Open CPE detail)

Cisco>>Ios >> Version 12.3yi

Cisco>>Ios >> Version 12.3yi (Open CPE detail)

Cisco>>Ios >> Version 12.3yk

Cisco>>Ios >> Version 12.3yk (Open CPE detail)

Cisco>>Ios >> Version 12.3ym

Cisco>>Ios >> Version 12.3ym (Open CPE detail)

Cisco>>Ios >> Version 12.3yt

Cisco>>Ios >> Version 12.3yt (Open CPE detail)

Cisco>>Ios >> Version 12.3yz

Cisco>>Ios >> Version 12.3yz (Open CPE detail)

Cisco>>Ios >> Version 12.4

Cisco>>Ios >> Version 12.4 (Open CPE detail)

Cisco>>Ios >> Version 12.4mr

Cisco>>Ios >> Version 12.4mr (Open CPE detail)

Cisco>>Ios >> Version 12.4t

Cisco>>Ios >> Version 12.4t (Open CPE detail)

Cisco>>Ios >> Version 12.4xa

Cisco>>Ios >> Version 12.4xa (Open CPE detail)

Cisco>>Ios >> Version 12.4xd

Cisco>>Ios >> Version 12.4xd (Open CPE detail)

Cisco>>Ios >> Version 12.4xe

Cisco>>Ios >> Version 12.4xe (Open CPE detail)

Cisco>>Ios >> Version 12.4xf

Cisco>>Ios >> Version 12.4xf (Open CPE detail)

Cisco>>Ios >> Version 12.4xj

Cisco>>Ios >> Version 12.4xj (Open CPE detail)

Cisco>>Ios >> Version 12.4xk

Cisco>>Ios >> Version 12.4xk (Open CPE detail)

Cisco>>Ios >> Version 12.4xt

Cisco>>Ios >> Version 12.4xt (Open CPE detail)

Cisco>>Ios >> Version 12.4xv

Cisco>>Ios >> Version 12.4xv (Open CPE detail)

Cisco>>Ios >> Version 12.4xw

Cisco>>Ios >> Version 12.4xw (Open CPE detail)

Cisco>>Ios >> Version 12.4xy

Cisco>>Ios >> Version 12.4xy (Open CPE detail)

Cisco>>Ios >> Version 12.4xz

Cisco>>Ios >> Version 12.4xz (Open CPE detail)

Cisco>>Ios >> Version 12.4ya

Cisco>>Ios >> Version 12.4ya (Open CPE detail)

Cisco>>Ios >> Version 12.4yb

Cisco>>Ios >> Version 12.4yb (Open CPE detail)

References

http://www.securityfocus.com/bid/36491
Tags : vdb-entry, x_refsource_BID

http://www.securitytracker.com/id?1022935
Tags : vdb-entry, x_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/53453
Tags : vdb-entry, x_refsource_XF

http://tools.cisco.com/security/center/viewAlert.x?alertId=18882
Tags : x_refsource_CONFIRM

http://osvdb.org/58340
Tags : vdb-entry, x_refsource_OSVDB

http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.shtml
Tags : vendor-advisory, x_refsource_CISCO

CVE-2009-2863 : Detail