Unrated severityNVD Advisory· Published Sep 28, 2009· Updated Apr 23, 2026

CVE-2009-2865

Description

Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.

Affected products

Cisco Systems, Inc./Unified Communications Manager Express
cpe:2.3:a:cisco:unified_communications_manager_express:*:*:*:*:*:*:*:*
Cisco Systems, Inc./Cisco iOS4 versions
cpe:2.3:o:cisco:ios:12.4xw:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:cisco:ios:12.4xw:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.4xy:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/viewAlert.xnvdPatchVendor Advisory
www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtmlnvdPatchVendor Advisory
www.vupen.com/english/advisories/2009/2758nvdVendor Advisory
osvdb.org/58335nvd
www.securityfocus.com/bid/36498nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/53448nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000