Details of VAR-199807-0030

ID

VAR-199807-0030

CVE

CVE-1999-1582

TITLE

PIX 'established' and 'conduit' command may have unexpected interactions

Trust: 0.8

sources: CERT/CC: VU#6733

DESCRIPTION

By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality. A somewhat common configuration of Cisco PIX firewalls may permit a window of opportunity in which an intruder can bypass the firewall. This problem was first publicly described in July, 1998. Cisco Systems Cisco PIX Firewall Software Exists in unspecified vulnerabilities.None. PIX Firewall is prone to a remote security vulnerability

Trust: 2.7

sources: NVD: CVE-1999-1582 // CERT/CC: VU#6733 // JVNDB: JVNDB-1998-000019 // BID: 87942 // VULHUB: VHN-1563

AFFECTED PRODUCTS

vendor:	cisco	model:	pix firewall	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco pix firewall software	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	-	version:	-	Trust: 0.6

sources: CERT/CC: VU#6733 // JVNDB: JVNDB-1998-000019 // CNNVD: CNNVD-199807-017 // NVD: CVE-1999-1582

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1582
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#6733
value:	18.00
Trust: 0.8
NVD:	CVE-1999-1582
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-199807-017
value:	HIGH
Trust: 0.6
VULHUB:	VHN-1563
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-1582
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-1563
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#6733 // VULHUB: VHN-1563 // JVNDB: JVNDB-1998-000019 // CNNVD: CNNVD-199807-017 // NVD: CVE-1999-1582

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-1998-000019 // NVD: CVE-1999-1582

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199807-017

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199807-017

PATCH

title:

Introduction [Cisco PIX Firewall Software] - Cisco Systems

url:

https://www.cisco.com/en/US/docs/security/pix/pix50/configuration/guide/intro.html

Trust: 0.8

sources: JVNDB: JVNDB-1998-000019

EXTERNAL IDS

db:	CERT/CC	id:	VU#6733	Trust: 3.6
db:	NVD	id:	CVE-1999-1582	Trust: 3.6
db:	XF	id:	8052	Trust: 0.9
db:	JVNDB	id:	JVNDB-1998-000019	Trust: 0.8
db:	CNNVD	id:	CNNVD-199807-017	Trust: 0.7
db:	CISCO	id:	19980715 PIX FIREWALL "ESTABLISHED" COMMAND	Trust: 0.6
db:	BID	id:	87942	Trust: 0.4
db:	VULHUB	id:	VHN-1563	Trust: 0.1

sources: CERT/CC: VU#6733 // VULHUB: VHN-1563 // BID: 87942 // JVNDB: JVNDB-1998-000019 // CNNVD: CNNVD-199807-017 // NVD: CVE-1999-1582

REFERENCES

url:	http://www.cisco.com/warp/public/707/pixest-pub.shtml	Trust: 2.8
url:	http://www.kb.cert.org/vuls/id/6733	Trust: 2.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/8052	Trust: 1.9
url:	http://xforce.iss.net/xforce/xfdb/8052	Trust: 0.9
url:	http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v41/pixcfg41/pix41cmd.htm#xtocid1978512	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-1999-1582	Trust: 0.8

sources: CERT/CC: VU#6733 // VULHUB: VHN-1563 // BID: 87942 // JVNDB: JVNDB-1998-000019 // CNNVD: CNNVD-199807-017 // NVD: CVE-1999-1582

CREDITS

Unknown

Trust: 0.3

sources: BID: 87942

SOURCES

db:	CERT/CC	id:	VU#6733
db:	VULHUB	id:	VHN-1563
db:	BID	id:	87942
db:	JVNDB	id:	JVNDB-1998-000019
db:	CNNVD	id:	CNNVD-199807-017
db:	NVD	id:	CVE-1999-1582

LAST UPDATE DATE

2024-08-14T15:41:05.222000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#6733	date:	2002-01-04T00:00:00
db:	VULHUB	id:	VHN-1563	date:	2017-07-11T00:00:00
db:	BID	id:	87942	date:	1998-07-15T00:00:00
db:	JVNDB	id:	JVNDB-1998-000019	date:	2024-05-13T02:32:00
db:	CNNVD	id:	CNNVD-199807-017	date:	2006-04-03T00:00:00
db:	NVD	id:	CVE-1999-1582	date:	2017-07-11T01:29:01.867

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#6733	date:	2002-01-04T00:00:00
db:	VULHUB	id:	VHN-1563	date:	1998-07-15T00:00:00
db:	BID	id:	87942	date:	1998-07-15T00:00:00
db:	JVNDB	id:	JVNDB-1998-000019	date:	2024-05-13T00:00:00
db:	CNNVD	id:	CNNVD-199807-017	date:	1998-07-15T00:00:00
db:	NVD	id:	CVE-1999-1582	date:	1998-07-15T04:00:00