Details of VAR-200111-0036

ID

VAR-200111-0036

CVE

CVE-2001-0929

TITLE

Cisco IOS Firewall Feature Set fails to check IP protocol type thereby allowing packets to bypass dynamic access control lists

Trust: 0.8

sources: CERT/CC: VU#362483

DESCRIPTION

Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. IOS is a Cisco Internetwork Operating System. It is maintained and distributed by Cisco, and used on various types of Cisco hardware. A problem has been found in the checking of protocol by the system. The vulnerable version of IOS does not check the protocol type of the packets, thus making it possible for a system on either end of the connection to send data of a different type. One such instance would be a system on the protected network sending a UDP packet to a system outside of the protected network, and the external system returning a connection to the host via TCP using the pre-established IP address and port numbers. This could allow a remote user to gather intelligence about a host, and potentially lead to an organized attack against network resources. A remote attacker could exploit this vulnerability to bypass access control lists

Trust: 1.98

sources: NVD: CVE-2001-0929 // CERT/CC: VU#362483 // BID: 3588 // VULHUB: VHN-3736

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.1	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	11.2p	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	11.3t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.1e	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios 12.2 t	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.1 e	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.0xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.2(6)	Trust: 0.3
vendor:	cisco	model:	ios 12.1xp	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.1(12)	Trust: 0.3
vendor:	cisco	model:	ios 12.2 xj1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xi	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xq	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 11.3t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.0(21)	Trust: 0.3
vendor:	cisco	model:	ios 12.2xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.1(11.1)	Trust: 0.3
vendor:	cisco	model:	ios 12.1yb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 e5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0xv	Trust: 0.3
vendor:	cisco	model:	ios 11.2p	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1yc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 yb5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xl	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	12.0(20.3)	Trust: 0.3
vendor:	cisco	model:	ios 12.2xe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 ye4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xh	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1ye	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 xq2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 xi1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 xd3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xr	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 yc2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xm	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2xj	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1xt	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1e	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2dd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 xk5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0xk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1yf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 xm6	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 yf3	scope:	ne	version:	-	Trust: 0.3

sources: CERT/CC: VU#362483 // BID: 3588 // CNNVD: CNNVD-200111-047 // NVD: CVE-2001-0929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0929
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#362483
value:	14.06
Trust: 0.8
CNNVD:	CNNVD-200111-047
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3736
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0929
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3736
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#362483 // VULHUB: VHN-3736 // CNNVD: CNNVD-200111-047 // NVD: CVE-2001-0929

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200111-047

TYPE

Design Error

Trust: 0.9

sources: BID: 3588 // CNNVD: CNNVD-200111-047

EXTERNAL IDS

db:	BID	id:	3588	Trust: 2.8
db:	CERT/CC	id:	VU#362483	Trust: 2.5
db:	NVD	id:	CVE-2001-0929	Trust: 2.0
db:	OSVDB	id:	808	Trust: 1.7
db:	CNNVD	id:	CNNVD-200111-047	Trust: 0.7
db:	CISCO	id:	20011128 A VULNERABILITY IN IOS FIREWALL FEATURE SET	Trust: 0.6
db:	XF	id:	7614	Trust: 0.6
db:	VULHUB	id:	VHN-3736	Trust: 0.1

sources: CERT/CC: VU#362483 // VULHUB: VHN-3736 // BID: 3588 // CNNVD: CNNVD-200111-047 // NVD: CVE-2001-0929

REFERENCES

url:	http://www.cisco.com/warp/public/707/ios-cbac-dynacl-pub.shtml	Trust: 2.8
url:	http://www.securityfocus.com/bid/3588	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/362483	Trust: 1.7
url:	http://www.osvdb.org/808	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7614	Trust: 1.1
url:	http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/7614	Trust: 0.6

sources: CERT/CC: VU#362483 // VULHUB: VHN-3736 // BID: 3588 // CNNVD: CNNVD-200111-047 // NVD: CVE-2001-0929

CREDITS

This vulnerability was announced in a Cisco Security Advisory on November 28, 2001.

Trust: 0.9

sources: BID: 3588 // CNNVD: CNNVD-200111-047

SOURCES

db:	CERT/CC	id:	VU#362483
db:	VULHUB	id:	VHN-3736
db:	BID	id:	3588
db:	CNNVD	id:	CNNVD-200111-047
db:	NVD	id:	CVE-2001-0929

LAST UPDATE DATE

2025-04-03T22:14:14.774000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#362483	date:	2004-03-30T00:00:00
db:	VULHUB	id:	VHN-3736	date:	2017-10-10T00:00:00
db:	BID	id:	3588	date:	2006-07-13T20:13:00
db:	CNNVD	id:	CNNVD-200111-047	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0929	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#362483	date:	2001-11-28T00:00:00
db:	VULHUB	id:	VHN-3736	date:	2001-11-28T00:00:00
db:	BID	id:	3588	date:	2001-11-28T00:00:00
db:	CNNVD	id:	CNNVD-200111-047	date:	2001-11-28T00:00:00
db:	NVD	id:	CVE-2001-0929	date:	2001-11-28T05:00:00