ID

VAR-199808-0007


CVE

CVE-1999-0158


TITLE

Cisco Systems  Cisco Pix Firewall  Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-1998-000018

DESCRIPTION

Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. Cisco Systems Cisco Pix Firewall There are unspecified vulnerabilities in the software.None. PFM itself implements a Web Server with limited functions. PFM Web Server runs on Windows NT. There is a security hole in the URL request processing of PFM Web Server. A remote attacker may use this hole to read any file with a known file name on the system. The attacker must be able to establish a connection to the 8080/TCP port of the Windows NT host. In all recommended configurations and most actual configurations, the 8080/TCP port of the host where the PFM is located is only allowed to be accessed from the inside of the PIX firewall, not from the PIX Access from outside the firewall. Additionally, the attacker must know the exact path of the target file, and the vulnerability does not allow directory browsing

Trust: 1.71

sources: NVD: CVE-1999-0158 // JVNDB: JVNDB-1998-000018 // VULHUB: VHN-158

AFFECTED PRODUCTS

vendor:ciscomodel:pix firewall softwarescope:eqversion:4.2\(1\)

Trust: 1.6

vendor:ciscomodel:pix firewall softwarescope:eqversion:4.1\(6\)

Trust: 1.6

vendor:シスコシステムズmodel:cisco pix firewall ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco pix firewall ソフトウェアscope:eqversion:cisco pix firewall software 4.1(6)

Trust: 0.8

vendor:シスコシステムズmodel:cisco pix firewall ソフトウェアscope:eqversion:cisco pix firewall software 4.2(1)

Trust: 0.8

vendor:ciscomodel:pix firewallscope:eqversion:4.1\(6\)

Trust: 0.6

vendor:ciscomodel:pix firewallscope:eqversion:4.2\(1\)

Trust: 0.6

sources: JVNDB: JVNDB-1998-000018 // CNNVD: CNNVD-199808-017 // NVD: CVE-1999-0158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0158
value: MEDIUM

Trust: 1.0

NVD: CVE-1999-0158
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-199808-017
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-0158
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-158 // JVNDB: JVNDB-1998-000018 // CNNVD: CNNVD-199808-017 // NVD: CVE-1999-0158

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-1998-000018 // NVD: CVE-1999-0158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199808-017

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199808-017

PATCH

title:Introduction [Cisco PIX Firewall Software] - Cisco Systemsurl:https://www.cisco.com/en/US/docs/security/pix/pix50/configuration/guide/intro.html

Trust: 0.8

sources: JVNDB: JVNDB-1998-000018

EXTERNAL IDS

db:NVDid:CVE-1999-0158

Trust: 3.3

db:OSVDBid:685

Trust: 1.7

db:JVNDBid:JVNDB-1998-000018

Trust: 0.8

db:CNNVDid:CNNVD-199808-017

Trust: 0.7

db:CISCOid:20010913 CISCO PIX FIREWALL MANAGER FILE EXPOSURE

Trust: 0.6

db:VULHUBid:VHN-158

Trust: 0.1

sources: VULHUB: VHN-158 // JVNDB: JVNDB-1998-000018 // CNNVD: CNNVD-199808-017 // NVD: CVE-1999-0158

REFERENCES

url:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml

Trust: 2.7

url:http://www.osvdb.org/685

Trust: 2.7

url:https://nvd.nist.gov/vuln/detail/cve-1999-0158

Trust: 0.8

url: -

Trust: 0.1

sources: VULHUB: VHN-158 // JVNDB: JVNDB-1998-000018 // CNNVD: CNNVD-199808-017 // NVD: CVE-1999-0158

CREDITS

Brett Oliphant Brett_M_Oliphant/※ Lafayette_Life@LLNOTES.LLIC.COM

Trust: 0.6

sources: CNNVD: CNNVD-199808-017

SOURCES

db:VULHUBid:VHN-158
db:JVNDBid:JVNDB-1998-000018
db:CNNVDid:CNNVD-199808-017
db:NVDid:CVE-1999-0158

LAST UPDATE DATE

2024-11-22T23:15:00.040000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-158date:2018-10-30T00:00:00
db:JVNDBid:JVNDB-1998-000018date:2024-05-07T09:36:00
db:CNNVDid:CNNVD-199808-017date:2005-05-02T00:00:00
db:NVDid:CVE-1999-0158date:2024-11-20T23:28:00.437

SOURCES RELEASE DATE

db:VULHUBid:VHN-158date:1998-08-31T00:00:00
db:JVNDBid:JVNDB-1998-000018date:2024-05-07T00:00:00
db:CNNVDid:CNNVD-199808-017date:1998-08-31T00:00:00
db:NVDid:CVE-1999-0158date:1998-08-31T04:00:00