Vulnerability Name:

CVE-2001-0929 (CCN-7614)

Assigned:2001-11-28
Published:2001-11-28
Updated:2017-10-10
Summary:Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2001-0929

Source: CCN
Type: Cisco Security Notice 2004 March 27 19:30 UTC
Exploit for Multiple Cisco Vulnerabilities

Source: CCN
Type: Cisco Systems Inc. Security Advisory, 2001 November 28 08:00 (UTC -0800)
A Vulnerability in IOS Firewall Feature Set

Source: CISCO
Type: Patch, Vendor Advisory
20011128 A Vulnerability in IOS Firewall Feature Set

Source: CCN
Type: US-CERT VU#362483
Cisco IOS Firewall Feature Set fails to check IP protocol type thereby allowing packets to bypass dynamic access control lists

Source: CERT-VN
Type: US Government Resource
VU#362483

Source: OSVDB
Type: UNKNOWN
808

Source: CCN
Type: OSVDB ID: 808
Cisco IOS Firewall CBAC ACL Bypass

Source: CCN
Type: SecuriTeam Mailing List, Security Holes & Exploits 25 Mar 2004
Multiple Cisco Exploit Codes

Source: BID
Type: UNKNOWN
3588

Source: CCN
Type: BID-3588
Cisco Context Based Access Control Protocol Check Bypassing Vulnerability

Source: XF
Type: UNKNOWN
ios-cbac-bypass-acl(7614)

Source: XF
Type: UNKNOWN
ios-cbac-bypass-acl(7614)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:ios:11.2p:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.3t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.0t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1e:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2t:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:cisco:ios:12.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1e:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.0t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.2p:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:11.3t:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5892
    V
    		Cisco IOS Protocol Check Design Error
    2008-09-08
    BACK
    cisco ios 11.2p
    cisco ios 11.3t
    cisco ios 12.0
    cisco ios 12.0t
    cisco ios 12.1
    cisco ios 12.1e
    cisco ios 12.1t
    cisco ios 12.2
    cisco ios 12.2t
    cisco ios 12.0
    cisco ios 12.1t
    cisco ios 12.1e
    cisco ios 12.0t
    cisco ios 12.1
    cisco ios 12.2t
    cisco ios 12.2
    cisco ios 11.2p
    cisco ios 11.3t