CVE-2009-4455 (CNNVD-200912-392)
中文标题:
Cisco ASA 5500 默认配置权限许可和访问控制漏洞
英文标题:
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1,...
漏洞描述
中文描述:
Cisco ASA 5500 Series Adaptive Security Appliance 默认配置存在权限许可和访问控制漏洞。Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA)的默认设置允许交易入口访问任意受阻服务器,远程验证用户可以借助扰乱ROT13和一个特定编码的一个人工URL绕过访问限制并访问未经授权的网点。
英文描述:
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cisco | adaptive_security_appliance_5500 | 7.0 | - | - |
cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*
|
| cisco | adaptive_security_appliance_5500 | 7.1 | - | - |
cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*
|
| cisco | adaptive_security_appliance_5500 | 7.2 | - | - |
cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*
|
| cisco | adaptive_security_appliance_5500 | 8.0 | - | - |
cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*
|
| cisco | adaptive_security_appliance_5500 | 8.1 | - | - |
cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*
|
| cisco | adaptive_security_appliance_5500 | 8.2 | - | - |
cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.2:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
CVSS评分详情
AV:N/AC:L/Au:S/C:P/I:P/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2009-4455 |
2025-11-11 15:18:13 | 2025-11-11 07:33:04 |
| NVD | nvd_CVE-2009-4455 |
2025-11-11 14:53:01 | 2025-11-11 07:41:52 |
| CNNVD | cnnvd_CNNVD-200912-392 |
2025-11-11 15:09:08 | 2025-11-11 07:49:40 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200912-392
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 6.5
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:S/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 6
- data_sources: ['cve'] -> ['cve', 'nvd']