ID
VAR-199904-0053
TITLE
Cisco IOS Software Input Access List Leakage with NAT
Trust: 0.3
DESCRIPTION
It is reported that Cisco routers running versions 12.0 are affected by a vulnerability which allows packets to bypass input filter rules. When certain versions of Cisco IOS are configured with both input access lists and NAT, an interaction between different software bugs allows packets to bypass the input filter rules. This situation allows for a false sense of security by the administrators of affected devices. This may allow an attacker to circumvent access control restrictions, possibly aiding them in further compromise of protected computers.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xg | scope: | eq | version: | 12.0.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xf | scope: | eq | version: | 12.0.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xd | scope: | eq | version: | 12.0.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xc | scope: | eq | version: | 12.0.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 12.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xb | scope: | eq | version: | 12.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios xa3 | scope: | eq | version: | 12.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios w | scope: | eq | version: | 12.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.0t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.0s | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.0db | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios t | scope: | ne | version: | 12.0.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios s | scope: | ne | version: | 12.0.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | ne | version: | 12.0.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios t2 | scope: | ne | version: | 12.0.3 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Origin Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 706 | Trust: 0.3 |
REFERENCES
| url: | http://www.cisco.com/warp/public/707/sec_incident_response.shtml | Trust: 0.3 |
CREDITS
This vulnerability was reported to Cisco by customers. Cisco published this information in an advisory on 13 April 1999.
Trust: 0.3
SOURCES
| db: | BID | id: | 706 |
LAST UPDATE DATE
2022-05-17T01:52:15.425000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 706 | date: | 1999-04-13T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 706 | date: | 1999-04-13T00:00:00 |