CVE-2001-0867

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
http://www.ciac.org/ciac/bulletins/m-018.shtml
http://www.securityfocus.com/bid/3538
http://www.osvdb.org/1989
https://exchange.xforce.ibmcloud.com/vulnerabilities/7555

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*

Information

Published : 2001-12-05 21:00

Updated : 2017-10-09 18:29

NVD link : CVE-2001-0867

Mitre link : CVE-2001-0867

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cisco

12000_router

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml", "name": "20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router", "tags": [], "refsource": "CISCO"}, {"url": "http://www.ciac.org/ciac/bulletins/m-018.shtml", "name": "M-018", "tags": [], "refsource": "CIAC"}, {"url": "http://www.securityfocus.com/bid/3538", "name": "3538", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/1989", "name": "1989", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7555", "name": "cisco-acl-fragment-bypass(7555)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the \"fragment\" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0867", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2001-12-06T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:29Z"}

7.5 /10