Details of VAR-199212-0003

ID

VAR-199212-0003

CVE

CVE-1999-1466

TITLE

Cisco Access List Vulnerability

Trust: 0.9

sources: BID: 53 // CNNVD: CNNVD-199212-002

DESCRIPTION

Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword. Cisco Systems Cisco IOS Exists in unspecified vulnerabilities.None. This vulnerability can allow unauthorized traffic to pass through the gateway and can block authorized traffic. This can permit packets which should be filtered and filter packets which should be permitted. Vulnerabilities exist in Cisco router versions 8.2 through 9.1

Trust: 1.98

sources: NVD: CVE-1999-1466 // JVNDB: JVNDB-1992-000005 // BID: 53 // VULHUB: VHN-1447

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	9.1	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	9.0	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	8.3	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	8.2	Trust: 1.9
vendor:	シスコシステムズ	model:	cisco ios	scope:	eq	version:	8.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios	scope:	eq	version:	8.2	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios	scope:	eq	version:	9.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios	scope:	eq	version:	9.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios	scope:	eq	version:	-	Trust: 0.8

sources: BID: 53 // JVNDB: JVNDB-1992-000005 // CNNVD: CNNVD-199212-002 // NVD: CVE-1999-1466

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1466
value:	HIGH
Trust: 1.0
NVD:	CVE-1999-1466
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-199212-002
value:	HIGH
Trust: 0.6
VULHUB:	VHN-1447
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-1466
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-1447
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1447 // JVNDB: JVNDB-1992-000005 // CNNVD: CNNVD-199212-002 // NVD: CVE-1999-1466

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-1992-000005 // NVD: CVE-1999-1466

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199212-002

TYPE

Unknown

Trust: 0.9

sources: BID: 53 // CNNVD: CNNVD-199212-002

PATCH

title:

Products IOS Cisco IOS Software Releases

url:

https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-software-releases-listing.html

Trust: 0.8

sources: JVNDB: JVNDB-1992-000005

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1466	Trust: 3.6
db:	BID	id:	53	Trust: 2.8
db:	JVNDB	id:	JVNDB-1992-000005	Trust: 0.8
db:	CNNVD	id:	CNNVD-199212-002	Trust: 0.7
db:	CERT/CC	id:	CA-1992-20	Trust: 0.6
db:	VULHUB	id:	VHN-1447	Trust: 0.1

sources: VULHUB: VHN-1447 // BID: 53 // JVNDB: JVNDB-1992-000005 // CNNVD: CNNVD-199212-002 // NVD: CVE-1999-1466

REFERENCES

url:	http://www.securityfocus.com/bid/53	Trust: 2.5
url:	http://www.cert.org/advisories/ca-1992-20.html	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-1999-1466	Trust: 0.8

sources: VULHUB: VHN-1447 // JVNDB: JVNDB-1992-000005 // CNNVD: CNNVD-199212-002 // NVD: CVE-1999-1466

SOURCES

db:	VULHUB	id:	VHN-1447
db:	BID	id:	53
db:	JVNDB	id:	JVNDB-1992-000005
db:	CNNVD	id:	CNNVD-199212-002
db:	NVD	id:	CVE-1999-1466

LAST UPDATE DATE

2024-08-14T14:36:10.527000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1447	date:	2008-09-05T00:00:00
db:	BID	id:	53	date:	2009-07-11T00:16:00
db:	JVNDB	id:	JVNDB-1992-000005	date:	2024-05-02T09:35:00
db:	CNNVD	id:	CNNVD-199212-002	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-1999-1466	date:	2008-09-05T20:19:35.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1447	date:	1992-12-10T00:00:00
db:	BID	id:	53	date:	1992-12-10T00:00:00
db:	JVNDB	id:	JVNDB-1992-000005	date:	2024-05-02T00:00:00
db:	CNNVD	id:	CNNVD-199212-002	date:	1992-12-10T00:00:00
db:	NVD	id:	CVE-1999-1466	date:	1992-12-10T05:00:00