CVE-2009-2977 : The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.

Published 2009-08-27 17:30:00

Updated 2018-10-10 19:42:49

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-2977

Cisco » Cs-mars
Versions up to, including, (<=) 6.0.4
cpe:2.3:h:cisco:cs-mars:*:*:*:*:*:*:*:*
Matching versions
Cisco » Cs-mars » Version: 4.1.2
cpe:2.3:h:cisco:cs-mars:4.1.2:*:*:*:*:*:*:*
Matching versions
Cisco » Cs-mars » Version: 4.1
cpe:2.3:h:cisco:cs-mars:4.1:*:*:*:*:*:*:*
Matching versions
Cisco » Cs-mars » Version: 4.1.3
cpe:2.3:h:cisco:cs-mars:4.1.3:*:*:*:*:*:*:*
Matching versions
Cisco » Cs-mars » Version: 4.1.5
cpe:2.3:h:cisco:cs-mars:4.1.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-2977

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 35 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-2977

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	AV:A/AC:L/Au:N/C:P/I:N/A:N	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2009-2977

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-2977

Jump to

Vulnerability Details : CVE-2009-2977

Products affected by CVE-2009-2977

Exploit prediction scoring system (EPSS) score for CVE-2009-2977

CVSS scores for CVE-2009-2977

CWE ids for CVE-2009-2977

References for CVE-2009-2977