CVE-2009-2871

CVSS 7.8 - HIGH

Description

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.

Affected Products

17

Vendor	Product	Version
cisco	ios	`12.2xna`
cisco	ios	`12.2xnb`
cisco	ios	`12.2xnc`
cisco	ios	`12.2xnd`
cisco	ios	`12.4md`
cisco	ios	`12.4mr`
cisco	ios	`12.4sw`
cisco	ios	`12.4t`
cisco	ios	`12.4xf`
cisco	ios	`12.4xj`
cisco	ios	`12.4xk`
cisco	ios	`12.4xq`
cisco	ios	`12.4xr`
cisco	ios	`12.4xv`
cisco	ios	`12.4xw`
cisco	ios	`12.4xy`
cisco	ios	`12.4xz`

References

http://tools.cisco.com/security/center/viewAlert.x...

http://www.cisco.com/en/US/products/products_secur...

http://www.securitytracker.com/id?1022930

http://www.vupen.com/english/advisories/2009/2759

http://tools.cisco.com/security/center/viewAlert.x...

http://www.cisco.com/en/US/products/products_secur...

http://www.securitytracker.com/id?1022930

http://www.vupen.com/english/advisories/2009/2759

Weakness Types

NVD-CWE-noinfo

CVE Information

CVE ID:: CVE-2009-2871
Published:: 2009-09-28
Modified:: 2026-04-23
CVSS Score:: 7.8
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:N/I:N/A:C

Affected Vendors

cisco

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL