CVE-2009-0053 - PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 be

CVE-2009-0053

Summary

PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error."

References

Vulnerable Configurations

cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.6:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.6:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.6:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.6:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.0.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.0.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_postx:6.2.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_postx:6.2.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_postx:6.2.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_postx:6.2.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_postx:6.2.2.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_postx:6.2.2.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_postx:6.2.2.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_postx:6.2.2.2:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-03-2011 - 03:17)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

bid	33268
cisco	20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities
osvdb	51395
sectrack	1021593
secunia	33479
vupen	ADV-2009-0140

Last major update

08-03-2011 - 03:17

Published

16-01-2009 - 21:30

Last modified

08-03-2011 - 03:17