CVE-2009-2865

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.4XW through 12.4YA

Description A buffer overflow issue in the login implementation of the Extension Mobility feature in Cisco Unified Communications Manager Express (CME) allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests. Successful exploitation may result in the execution of arbitrary code or a Denial of Service (DoS) condition on an affected device.

Recommendations For Cisco IOS versions 12.4XW through 12.4YA, update to a version that includes the software updates released by Cisco to address this issue.