CVE-2001-0867

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ciac.org/ciac/bulletins/m-018.shtml
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
http://www.osvdb.org/1989
http://www.securityfocus.com/bid/3538
https://exchange.xforce.ibmcloud.com/vulnerabilities/7555
http://www.ciac.org/ciac/bulletins/m-018.shtml
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
http://www.osvdb.org/1989
http://www.securityfocus.com/bid/3538
https://exchange.xforce.ibmcloud.com/vulnerabilities/7555

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:36

Type	Values Removed	Values Added
References	~~() http://www.ciac.org/ciac/bulletins/m-018.shtml -~~	() http://www.ciac.org/ciac/bulletins/m-018.shtml -
References	~~() http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml -~~	() http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml -
References	~~() http://www.osvdb.org/1989 -~~	() http://www.osvdb.org/1989 -
References	~~() http://www.securityfocus.com/bid/3538 -~~	() http://www.securityfocus.com/bid/3538 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/7555 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/7555 -

Information

Published : 2001-12-06 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2001-0867

Mitre link : CVE-2001-0867

CVE.ORG link : CVE-2001-0867

JSON object : View

Products Affected

cisco

12000_router

CWE

NVD-CWE-Other

{"id": "CVE-2001-0867", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2001-12-06T05:00:00.000", "references": [{"url": "http://www.ciac.org/ciac/bulletins/m-018.shtml", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/1989", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3538", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7555", "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/m-018.shtml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/1989", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3538", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7555", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the \"fragment\" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "978CC32A-55A9-4DAE-B2A4-9FE41FC9497D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}