CVE-2009-2863 - Improper Authentication

Severity

71%

Complexity

86%

Confidentiality

115%

Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N).

Demo Examples

Improper Authentication

CWE-287

The following code intends to ensure that the user is already logged in. If not, the code performs authentication with the user-provided username and password. If successful, it sets the loggedin and user cookies to "remember" that the user has already logged in. Finally, the code performs administrator tasks if the logged-in user has the "Administrator" username, as recorded in the user cookie.


               
}
}
ExitError("Error: you need to log in first");
);
);
DoAdministratorTasks();

Unfortunately, this code can be bypassed. The attacker can set the cookies independently so that the code does not check the username and password. The attacker could do this with an HTTP request containing headers such as:


               
[body of request]

By setting the loggedin cookie to "true", the attacker bypasses the entire authentication check. By using the "Administrator" value in the user cookie, the attacker also gains privileges to administer the software.
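The flaw described above next to one way to close it, as an added Python example that is not code from this page or from the CWE entry. All function names, the key and the cookie values are hypothetical and constructed for illustration. The hardened path accepts a user name only when the cookie carries a MAC the server itself computed after a successful login.

```python
import hashlib
import hmac

# Assumption: a server-side secret, constructed for this example only.
SERVER_KEY = b"constructed-demo-key"


def is_admin_vulnerable(cookies):
    """Cookie path of the logic the text describes: both values are trusted as sent."""
    if cookies.get("loggedin") != "true":
        return False  # the described code would run the password check here
    return cookies.get("user") == "Administrator"


def _mac(user):
    """Hex HMAC-SHA256 of the user name under the server key."""
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_session(user):
    """Call only after the password check succeeds; binds the user name to a MAC."""
    return {"session": f"{user}:{_mac(user)}"}


def authenticated_user(cookies):
    """Return the user name only if the MAC verifies, otherwise None."""
    user, sep, tag = cookies.get("session", "").rpartition(":")
    if not sep or not user:
        return None
    # Constant-time comparison on bytes; a non-ASCII tag cannot raise here.
    if hmac.compare_digest(tag.encode(), _mac(user).encode()):
        return user
    return None


def is_admin_hardened(cookies):
    """Privilege decision based on a verified identity, not on a client claim."""
    return authenticated_user(cookies) == "Administrator"


# Constructed cookie sets: client-chosen values, and a guessed session value.
FORGED = {"loggedin": "true", "user": "Administrator"}
GUESSED = {"session": "Administrator:" + "0" * 64}

if __name__ == "__main__":
    print("vulnerable check, forged cookies:", is_admin_vulnerable(FORGED))
    print("hardened check, forged cookies:  ", is_admin_hardened(FORGED))
    print("hardened check, guessed session: ", is_admin_hardened(GUESSED))
    print("hardened check, issued session:  ",
          is_admin_hardened(issue_session("Administrator")))
```

The signed value here has no expiry or revocation; a server-side session store or a framework's signed-session mechanism covers both.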

Overview

Type

Cisco IOS

First reported 15 years ago

2009-09-28 19:30:00

Last updated 7 years ago

2017-08-17 01:30:00

Affected Software

Cisco IOS 12.0XK

12.0xk

Cisco IOS 12.0XR

12.0xr

Cisco IOS 12.1

12.1

Cisco IOS 12.1E

12.1e

Cisco IOS 12.1EX

12.1ex

Cisco IOS 12.1T

12.1t

Cisco IOS 12.1XC

12.1xc

Cisco IOS 12.1XH

12.1xh

Cisco IOS 12.1XI

12.1xi

Cisco IOS 12.1XJ

12.1xj

Cisco IOS 12.1XM

12.1xm

Cisco IOS 12.1XP

12.1xp

Cisco IOS 12.1XR

12.1xr

Cisco IOS 12.1YB

12.1yb

Cisco IOS 12.1YD

12.1yd

Cisco IOS 12.1YF

12.1yf

Cisco IOS 12.1YI

12.1yi

Cisco IOS 12.2

12.2

Cisco IOS 12.2B

12.2b

Cisco IOS 12.2BW

12.2bw

Cisco IOS 12.2CZ

12.2cz

Cisco IOS 12.2DD

12.2dd

Cisco IOS 12.2EX

12.2ex

Cisco IOS 12.2EY

12.2ey

Cisco IOS 12.2FZ

12.2fz

Cisco IOS 12.2IRA

12.2ira

Cisco IOS 12.2IRB

12.2irb

Cisco IOS 12.2IRC

12.2irc

Cisco IOS 12.2IXA

12.2ixa

Cisco IOS 12.2IXB

12.2ixb

Cisco IOS 12.2IXC

12.2ixc

Cisco IOS 12.2IXD

12.2ixd

Cisco IOS 12.2IXE

12.2ixe

Cisco IOS 12.2IXF

12.2ixf

Cisco IOS 12.2IXG

12.2ixg

Cisco IOS 12.2S

12.2s

Cisco IOS 12.2SBC

12.2sbc

Cisco IOS 12.2SE

12.2se

Cisco IOS 12.2SEC

12.2sec

Cisco IOS 12.2SED

12.2sed

Cisco IOS 12.2SEE

12.2see

Cisco IOS 12.2SEF

12.2sef

Cisco IOS 12.2SEG

12.2seg

Cisco IOS 12.2SG

12.2sg

Cisco IOS 12.2SGA

12.2sga

Cisco IOS 12.2SQ

12.2sq

Cisco IOS 12.2SRA

12.2sra

Cisco IOS 12.2SRB

12.2srb

Cisco IOS 12.2SRC

12.2src

Cisco IOS 12.2SU

12.2su

Cisco IOS 12.2SX

12.2sx

Cisco IOS 12.2SXA

12.2sxa

Cisco IOS 12.2SXB

12.2sxb

Cisco IOS 12.2SXD

12.2sxd

Cisco IOS 12.2SXE

12.2sxe

Cisco IOS 12.2SXF

12.2sxf

Cisco IOS 12.2SXH

12.2sxh

Cisco IOS 12.2SXI

12.2sxi

Cisco IOS 12.2T

12.2t

Cisco IOS 12.2TPC

12.2tpc

Cisco IOS 12.2XA

12.2xa

Cisco IOS 12.2XB

12.2xb

Cisco IOS 12.2XD

12.2xd

Cisco IOS 12.2XE

12.2xe

Cisco IOS 12.2XG

12.2xg

Cisco IOS 12.2XJ

12.2xj

Cisco IOS 12.2XK

12.2xk

Cisco IOS 12.2XL

12.2xl

Cisco IOS 12.2XM

12.2xm

Cisco IOS 12.2XO

12.2xo

Cisco IOS 12.2XQ

12.2xq

Cisco IOS 12.2XT

12.2xt

Cisco IOS 12.2XV

12.2xv

Cisco IOS 12.2XW

12.2xw

Cisco IOS 12.2YA

12.2ya

Cisco IOS 12.2YB

12.2yb

Cisco IOS 12.2YC

12.2yc

Cisco IOS 12.2YE

12.2ye

Cisco IOS 12.2YF

12.2yf

Cisco IOS 12.2YH

12.2yh

Cisco IOS 12.2YL

12.2yl

Cisco IOS 12.2YM

12.2ym

Cisco IOS 12.2YN

12.2yn

Cisco IOS 12.2YQ

12.2yq

Cisco IOS 12.2YU

12.2yu

Cisco IOS 12.2YV

12.2yv

Cisco IOS 12.2YX

12.2yx

Cisco IOS 12.2YZ

12.2yz

Cisco IOS 12.2ZD

12.2zd

Cisco IOS 12.2ZH

12.2zh

Cisco IOS 12.2ZJ

12.2zj

Cisco IOS 12.2ZL

12.2zl

Cisco IOS 12.2ZY

12.2zy

Cisco IOS 12.2ZYA

12.2zya

Cisco IOS 12.3

12.3

Cisco IOS 12.3B

12.3b

Cisco IOS 12.3JK

12.3jk

Cisco IOS 12.3T

12.3t

Cisco IOS 12TPC

12.3tpc

Cisco IOS 12.3VA

12.3va

Cisco IOS 12.3XA

12.3xa

Cisco IOS 12.3XC

12.3xc

Cisco IOS 12.3XD

12.3xd

Cisco IOS 12.3XE

12.3xe

Cisco IOS 12.3XF

12.3xf

Cisco IOS 12.3XG

12.3xg

Cisco IOS 12.3XK

12.3xk

Cisco IOS 12.3XL

12.3xl

Cisco IOS 12.3XQ

12.3xq

Cisco IOS 12.3XR

12.3xr

Cisco IOS 12.3XX

12.3xx

Cisco IOS 12.3YA

12.3ya

Cisco IOS 12.3YD

12.3yd

Cisco IOS 12.3YG

12.3yg

Cisco IOS 12.3YH

12.3yh

Cisco IOS 12.3YI

12.3yi

Cisco IOS 12.3YK

12.3yk

Cisco IOS 12.3YM

12.3ym

Cisco IOS 12.3YT

12.3yt

Cisco IOS 12.3YZ

12.3yz

Cisco IOS 12.4

12.4

Cisco IOS 12.4MR

12.4mr

Cisco IOS 12.4T

12.4t

Cisco IOS 12.4XA

12.4xa

Cisco IOS 12.4XD

12.4xd

Cisco IOS 12.4XE

12.4xe

Cisco IOS 12.4XF

12.4xf

Cisco IOS 12.4XJ

12.4xj

Cisco IOS 12.4xk

12.4xk

Cisco IOS 12.4XT

12.4xt

Cisco IOS 12.4XV

12.4xv

Cisco IOS 12.4XW

12.4xw

Cisco IOS 12.4XY

12.4xy

Cisco IOS 12.4XZ

12.4xz

Cisco IOS 12.4YA

12.4ya

Cisco IOS 12.4YB

12.4yb
