CVE-2001-0864

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml	Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/m-018.shtml
http://www.securityfocus.com/bid/3536
http://www.osvdb.org/1986
https://exchange.xforce.ibmcloud.com/vulnerabilities/7553

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*

Information

Published : 2001-12-05 21:00

Updated : 2017-10-09 18:29

NVD link : CVE-2001-0864

Mitre link : CVE-2001-0864

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cisco

12000_router

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml", "name": "20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.ciac.org/ciac/bulletins/m-018.shtml", "name": "M-018", "tags": [], "refsource": "CIAC"}, {"url": "http://www.securityfocus.com/bid/3536", "name": "3536", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/1986", "name": "1986", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7553", "name": "cisco-acl-deny-ip(7553)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit \"deny ip any any\" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0864", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2001-12-06T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:29Z"}

7.5 /10