Details of VAR-199808-0007

ID

VAR-199808-0007

CVE

CVE-1999-0158

TITLE

Cisco Systems Cisco Pix Firewall Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-1998-000018

DESCRIPTION

Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. Cisco Systems Cisco Pix Firewall There are unspecified vulnerabilities in the software.None. PFM itself implements a Web Server with limited functions. PFM Web Server runs on Windows NT. There is a security hole in the URL request processing of PFM Web Server. A remote attacker may use this hole to read any file with a known file name on the system. The attacker must be able to establish a connection to the 8080/TCP port of the Windows NT host. In all recommended configurations and most actual configurations, the 8080/TCP port of the host where the PFM is located is only allowed to be accessed from the inside of the PIX firewall, not from the PIX Access from outside the firewall. Additionally, the attacker must know the exact path of the target file, and the vulnerability does not allow directory browsing

Trust: 1.71

sources: NVD: CVE-1999-0158 // JVNDB: JVNDB-1998-000018 // VULHUB: VHN-158

AFFECTED PRODUCTS

vendor:	cisco	model:	pix firewall software	scope:	eq	version:	4.2\(1\)	Trust: 1.6
vendor:	cisco	model:	pix firewall software	scope:	eq	version:	4.1\(6\)	Trust: 1.6
vendor:	シスコシステムズ	model:	cisco pix firewall ソフトウェア	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco pix firewall ソフトウェア	scope:	eq	version:	cisco pix firewall software 4.1(6)	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco pix firewall ソフトウェア	scope:	eq	version:	cisco pix firewall software 4.2(1)	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	4.1\(6\)	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	4.2\(1\)	Trust: 0.6

sources: JVNDB: JVNDB-1998-000018 // CNNVD: CNNVD-199808-017 // NVD: CVE-1999-0158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0158
value:	MEDIUM
Trust: 1.0
NVD:	CVE-1999-0158
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-199808-017
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-158
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-1999-0158
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-158 // JVNDB: JVNDB-1998-000018 // CNNVD: CNNVD-199808-017 // NVD: CVE-1999-0158

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-1998-000018 // NVD: CVE-1999-0158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199808-017

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199808-017

PATCH

title:

Introduction [Cisco PIX Firewall Software] - Cisco Systems

url:

https://www.cisco.com/en/US/docs/security/pix/pix50/configuration/guide/intro.html

Trust: 0.8

sources: JVNDB: JVNDB-1998-000018

EXTERNAL IDS

db:	NVD	id:	CVE-1999-0158	Trust: 3.3
db:	OSVDB	id:	685	Trust: 1.7
db:	JVNDB	id:	JVNDB-1998-000018	Trust: 0.8
db:	CNNVD	id:	CNNVD-199808-017	Trust: 0.7
db:	CISCO	id:	20010913 CISCO PIX FIREWALL MANAGER FILE EXPOSURE	Trust: 0.6
db:	VULHUB	id:	VHN-158	Trust: 0.1

sources: VULHUB: VHN-158 // JVNDB: JVNDB-1998-000018 // CNNVD: CNNVD-199808-017 // NVD: CVE-1999-0158

REFERENCES

url:	http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml	Trust: 1.7
url:	http://www.osvdb.org/685	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-1999-0158	Trust: 0.8
url:	-	Trust: 0.1

sources: VULHUB: VHN-158 // JVNDB: JVNDB-1998-000018 // CNNVD: CNNVD-199808-017 // NVD: CVE-1999-0158

CREDITS

Brett Oliphant Brett_M_Oliphant/※ Lafayette_Life@LLNOTES.LLIC.COM

Trust: 0.6

sources: CNNVD: CNNVD-199808-017

SOURCES

db:	VULHUB	id:	VHN-158
db:	JVNDB	id:	JVNDB-1998-000018
db:	CNNVD	id:	CNNVD-199808-017
db:	NVD	id:	CVE-1999-0158

LAST UPDATE DATE

2024-08-14T14:42:32.342000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158	date:	2018-10-30T00:00:00
db:	JVNDB	id:	JVNDB-1998-000018	date:	2024-05-07T09:36:00
db:	CNNVD	id:	CNNVD-199808-017	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-1999-0158	date:	2018-10-30T16:25:31.607

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158	date:	1998-08-31T00:00:00
db:	JVNDB	id:	JVNDB-1998-000018	date:	2024-05-07T00:00:00
db:	CNNVD	id:	CNNVD-199808-017	date:	1998-08-31T00:00:00
db:	NVD	id:	CVE-1999-0158	date:	1998-08-31T04:00:00