CVE-2001-0867 - Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properl

CVE-2001-0867

Summary

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.

References

http://www.ciac.org/ciac/bulletins/m-018.shtml
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
http://www.osvdb.org/1989
http://www.securityfocus.com/bid/3538
https://exchange.xforce.ibmcloud.com/vulnerabilities/7555

Vulnerable Configurations

cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3538
ciac	M-018
cisco	20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
osvdb	1989
xf	cisco-acl-fragment-bypass(7555)

Last major update

10-10-2017 - 01:29

Published

06-12-2001 - 05:00

Last modified

10-10-2017 - 01:29