Details of VAR-199912-0019

ID

VAR-199912-0019

CVE

CVE-1999-1175

TITLE

Cisco IOS Cisco Cache Engine Web Cache Control Protocol (WCCP) User Path Reset Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199912-183

DESCRIPTION

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. Cisco IOS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks. A remote attacker can reset arbitrary user access to HTTP through UDP port 2048 of WCCP packets

Trust: 1.26

sources: NVD: CVE-1999-1175 // BID: 87015 // VULHUB: VHN-1156

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	lte	version:	11.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	11.2	Trust: 0.9

sources: BID: 87015 // CNNVD: CNNVD-199912-183 // NVD: CVE-1999-1175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1175
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-199912-183
value:	HIGH
Trust: 0.6
VULHUB:	VHN-1156
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-1175
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-1156
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1156 // CNNVD: CNNVD-199912-183 // NVD: CVE-1999-1175

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1175

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199912-183

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199912-183

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1175	Trust: 2.0
db:	XF	id:	1577	Trust: 0.9
db:	CISCO	id:	19980513 CISCO WEB CACHE CONTROL PROTOCOL ROUTER VULNERABILITY	Trust: 0.6
db:	CIAC	id:	I-054	Trust: 0.6
db:	CNNVD	id:	CNNVD-199912-183	Trust: 0.6
db:	BID	id:	87015	Trust: 0.4
db:	VULHUB	id:	VHN-1156	Trust: 0.1

sources: VULHUB: VHN-1156 // BID: 87015 // CNNVD: CNNVD-199912-183 // NVD: CVE-1999-1175

REFERENCES

url:	http://www.ciac.org/ciac/bulletins/i-054.shtml	Trust: 2.0
url:	http://www.cisco.com/warp/public/770/wccpauth-pub.shtml	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/1577	Trust: 1.1
url:	http://xforce.iss.net/static/1577.php	Trust: 0.9

sources: VULHUB: VHN-1156 // BID: 87015 // CNNVD: CNNVD-199912-183 // NVD: CVE-1999-1175

CREDITS

Unknown

Trust: 0.3

sources: BID: 87015

SOURCES

db:	VULHUB	id:	VHN-1156
db:	BID	id:	87015
db:	CNNVD	id:	CNNVD-199912-183
db:	NVD	id:	CVE-1999-1175

LAST UPDATE DATE

2024-08-14T15:04:57.474000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1156	date:	2017-10-10T00:00:00
db:	BID	id:	87015	date:	1999-12-31T00:00:00
db:	CNNVD	id:	CNNVD-199912-183	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-1999-1175	date:	2017-10-10T01:29:03.560

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1156	date:	1999-12-31T00:00:00
db:	BID	id:	87015	date:	1999-12-31T00:00:00
db:	CNNVD	id:	CNNVD-199912-183	date:	1999-12-31T00:00:00
db:	NVD	id:	CVE-1999-1175	date:	1999-12-31T05:00:00