TILLBAKA TILL DASHBOARD

CVE-1999-1306

Källa: cve@mitre.org

UNKNOWN
7.5 CVSS Score

EXPLOTATION STATUS & MITIGATIONS

EXPLOIT STATUS
NO KNOWN EXPLOIT
REMEDIATION
PATCH AVAILABLE

PÅVERKADE KLIENTER/MJUKVARA

Cisco Ios

BESKRIVNING

Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.

TEKNISK DATA

{
  "id": "CVE-1999-1306",
  "sourceIdentifier": "cve@mitre.org",
  "published": "1992-12-10T05:00:00.000",
  "lastModified": "2025-04-03T01:03:51.193",
  "vulnStatus": "Deferred",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the \"established\" keyword is set, which could allow attackers to bypass filters."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "baseScore": 7.5,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "9.1",
              "matchCriteriaId": "91986F0D-94E5-4ED9-A98D-123C99FD43CE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.cert.org/advisories/CA-1992-20.html",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ]
    },
    {
      "url": "http://www.cert.org/advisories/CA-1992-20.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}

Status

Vuln Status:Deferred
Publicerad:12/10/1992
Uppdaterad:4/3/2025

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P
ÖPPNA I NVD