ID

VAR-200003-0057


CVE

CVE-2000-0613


TITLE

Cisco Secure PIX Firewall forgery TCP RST Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200003-038

DESCRIPTION

Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections. The attacker would have to possess detailed knowledge of the connection table in the firewall (which is used to track outgoing connections and disallow any connections from the external network that were not initiated by an internal machine) or be able to otherwise determine the required IP address and port information to exploit this

Trust: 1.26

sources: NVD: CVE-2000-0613 // BID: 1454 // VULHUB: VHN-2190

AFFECTED PRODUCTS

vendor:ciscomodel:pix firewallscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:pix firewallscope: - version: -

Trust: 0.6

vendor:ciscomodel:pix firewallscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:4.4(4)

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:4.3

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:4.2.2

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:4.2.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:4.2(5)

Trust: 0.3

vendor:ciscomodel:pix firewall bscope:eqversion:4.1.6

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:4.1.6

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:3.1

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:3.0

Trust: 0.3

vendor:ciscomodel:pix firewallscope:eqversion:2.7

Trust: 0.3

sources: BID: 1454 // CNNVD: CNNVD-200003-038 // NVD: CVE-2000-0613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0613
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200003-038
value: MEDIUM

Trust: 0.6

VULHUB: VHN-2190
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0613
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-2190
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-2190 // CNNVD: CNNVD-200003-038 // NVD: CVE-2000-0613

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200003-038

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200003-038

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-2190

EXTERNAL IDS

db:BIDid:1454

Trust: 2.0

db:NVDid:CVE-2000-0613

Trust: 1.7

db:OSVDBid:1457

Trust: 1.7

db:CNNVDid:CNNVD-200003-038

Trust: 0.7

db:BUGTRAQid:20000320 PIX DMZ DENIAL OF SERVICE - TCP RESETS

Trust: 0.6

db:CISCOid:20000711 CISCO SECURE PIX FIREWALL TCP RESET VULNERABILITY

Trust: 0.6

db:XFid:4928

Trust: 0.6

db:EXPLOIT-DBid:20067

Trust: 0.1

db:SEEBUGid:SSVID-73964

Trust: 0.1

db:VULHUBid:VHN-2190

Trust: 0.1

sources: VULHUB: VHN-2190 // BID: 1454 // CNNVD: CNNVD-200003-038 // NVD: CVE-2000-0613

REFERENCES

url:http://www.securityfocus.com/bid/1454

Trust: 2.7

url:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml

Trust: 2.7

url:http://www.osvdb.org/1457

Trust: 2.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/4928

Trust: 2.1

url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=b3d6883199dbd311868100a0c9fc2cdc046b72%40protea.citec.net

Trust: 2.0

url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=b3d6883199dbd311868100a0c9fc2cdc046b72@protea.citec.net

Trust: 0.7

url:http://xforce.iss.net/static/4928.php

Trust: 0.6

sources: VULHUB: VHN-2190 // CNNVD: CNNVD-200003-038 // NVD: CVE-2000-0613

CREDITS

This vulnerability was originally reported to BugTraq on March 20, 2000 by Andrew Alston <andrew@citec.net>

Trust: 0.9

sources: BID: 1454 // CNNVD: CNNVD-200003-038

SOURCES

db:VULHUBid:VHN-2190
db:BIDid:1454
db:CNNVDid:CNNVD-200003-038
db:NVDid:CVE-2000-0613

LAST UPDATE DATE

2024-11-22T23:15:29.775000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-2190date:2017-10-10T00:00:00
db:BIDid:1454date:2000-07-10T00:00:00
db:CNNVDid:CNNVD-200003-038date:2005-07-27T00:00:00
db:NVDid:CVE-2000-0613date:2024-11-20T23:32:53.827

SOURCES RELEASE DATE

db:VULHUBid:VHN-2190date:2000-03-20T00:00:00
db:BIDid:1454date:2000-07-10T00:00:00
db:CNNVDid:CNNVD-200003-038date:2000-03-20T00:00:00
db:NVDid:CVE-2000-0613date:2000-03-20T05:00:00