ID

VAR-199912-0019


CVE

CVE-1999-1175


TITLE

Cisco IOS Cisco Cache Engine Web Cache Control Protocol (WCCP) User Path Reset Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199912-183

DESCRIPTION

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. Cisco IOS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks. A remote attacker can reset arbitrary user access to HTTP through UDP port 2048 of WCCP packets

Trust: 1.26

sources: NVD: CVE-1999-1175 // BID: 87015 // VULHUB: VHN-1156

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:lteversion:11.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2

Trust: 0.9

sources: BID: 87015 // CNNVD: CNNVD-199912-183 // NVD: CVE-1999-1175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1175
value: HIGH

Trust: 1.0

CNNVD: CNNVD-199912-183
value: HIGH

Trust: 0.6

VULHUB: VHN-1156
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-1999-1175
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1156
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1156 // CNNVD: CNNVD-199912-183 // NVD: CVE-1999-1175

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1175

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199912-183

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199912-183

EXTERNAL IDS

db:NVDid:CVE-1999-1175

Trust: 2.0

db:XFid:1577

Trust: 0.9

db:CISCOid:19980513 CISCO WEB CACHE CONTROL PROTOCOL ROUTER VULNERABILITY

Trust: 0.6

db:CIACid:I-054

Trust: 0.6

db:CNNVDid:CNNVD-199912-183

Trust: 0.6

db:BIDid:87015

Trust: 0.4

db:VULHUBid:VHN-1156

Trust: 0.1

sources: VULHUB: VHN-1156 // BID: 87015 // CNNVD: CNNVD-199912-183 // NVD: CVE-1999-1175

REFERENCES

url:http://www.ciac.org/ciac/bulletins/i-054.shtml

Trust: 3.0

url:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml

Trust: 3.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/1577

Trust: 2.1

url:http://xforce.iss.net/static/1577.php

Trust: 0.9

sources: VULHUB: VHN-1156 // BID: 87015 // CNNVD: CNNVD-199912-183 // NVD: CVE-1999-1175

CREDITS

Unknown

Trust: 0.3

sources: BID: 87015

SOURCES

db:VULHUBid:VHN-1156
db:BIDid:87015
db:CNNVDid:CNNVD-199912-183
db:NVDid:CVE-1999-1175

LAST UPDATE DATE

2024-11-22T23:12:12.525000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1156date:2017-10-10T00:00:00
db:BIDid:87015date:1999-12-31T00:00:00
db:CNNVDid:CNNVD-199912-183date:2005-05-02T00:00:00
db:NVDid:CVE-1999-1175date:2024-11-20T23:30:29.300

SOURCES RELEASE DATE

db:VULHUBid:VHN-1156date:1999-12-31T00:00:00
db:BIDid:87015date:1999-12-31T00:00:00
db:CNNVDid:CNNVD-199912-183date:1999-12-31T00:00:00
db:NVDid:CVE-1999-1175date:1999-12-31T05:00:00