CVE-2000-1022 - The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict acc

CVE-2000-1022

Summary

The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.

References

Vulnerable Configurations

cpe:2.3:o:cisco:pix_firewall_software:4.2\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.2\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.2\(2\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.2\(2\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.2\(5\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.2\(5\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.4\(4\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:4.4\(4\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:5.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:5.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:5.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:5.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:5.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:pix_firewall_software:5.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	1698
bugtraq	20000919 Cisco PIX Firewall (smtp content filtering hack) 20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
cisco	20001005 Cisco Secure PIX Firewall Mailguard Vulnerability
xf	cisco-pix-smtp-filtering(5277)

Last major update

30-10-2018 - 16:26

Published

11-12-2000 - 05:00

Last modified

30-10-2018 - 16:26