Vulnerability CVE-2001-0866


Published: 2001-12-06   Modified: 2012-02-12

Description:
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.

Vendor: Cisco
Product: 12000 router 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
http://www.securityfocus.com/bid/3537
http://www.osvdb.org/1984
http://www.iss.net/security_center/static/7554.php
http://www.ciac.org/ciac/bulletins/m-018.shtml

Related CVE
CVE-2018-0225
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.
CVE-2018-0355
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability...
CVE-2018-0352
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with ...
CVE-2018-0340
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected ...
CVE-2018-0339
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability ...
CVE-2018-0338
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affec...
CVE-2018-0336
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforc...
CVE-2018-0335
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker...

Copyright 2018, cxsecurity.com

 

Back to Top