Details of VAR-200112-0002

ID

VAR-200112-0002

CVE

CVE-2001-0864

TITLE

Cisco 12000 Series internet router ACL Failure drop packet vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200112-033

DESCRIPTION

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. Cisco 12000 Series Internet Routers with line cards based on Engine 2 are prone to an unusual issue where they may fail to drop packets. The result is that some packets will not be dropped, potentially allowing restricted traffic into the network. Cisco has assigned Vulnerability CSCdu03323 to this issue. Some outgoing packets bypass access restrictions

Trust: 1.26

sources: NVD: CVE-2001-0864 // BID: 3536 // VULHUB: VHN-3671

AFFECTED PRODUCTS

vendor:	cisco	model:	12000 router	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	12000 router	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.0st	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0s	scope:	-	version:	-	Trust: 0.3

sources: BID: 3536 // CNNVD: CNNVD-200112-033 // NVD: CVE-2001-0864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0864
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200112-033
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3671
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0864
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3671
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-3671 // CNNVD: CNNVD-200112-033 // NVD: CVE-2001-0864

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0864

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-033

TYPE

Unknown

Trust: 0.9

sources: BID: 3536 // CNNVD: CNNVD-200112-033

EXTERNAL IDS

db:	BID	id:	3536	Trust: 2.0
db:	NVD	id:	CVE-2001-0864	Trust: 1.7
db:	OSVDB	id:	1986	Trust: 1.7
db:	CNNVD	id:	CNNVD-200112-033	Trust: 0.7
db:	CISCO	id:	20011114 MULTIPLE VULNERABILITIES IN ACCESS CONTROL LIST IMPLEMENTATION FOR CISCO 12000 SERIES INTERNET ROUTER	Trust: 0.6
db:	XF	id:	7553	Trust: 0.6
db:	CIAC	id:	M-018	Trust: 0.6
db:	VULHUB	id:	VHN-3671	Trust: 0.1

sources: VULHUB: VHN-3671 // BID: 3536 // CNNVD: CNNVD-200112-033 // NVD: CVE-2001-0864

REFERENCES

url:	http://www.securityfocus.com/bid/3536	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/m-018.shtml	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/gsr-acl-pub.shtml	Trust: 1.7
url:	http://www.osvdb.org/1986	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7553	Trust: 1.1
url:	http://xforce.iss.net/static/7553.php	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/sec_incident_response.shtml	Trust: 0.3

sources: VULHUB: VHN-3671 // BID: 3536 // CNNVD: CNNVD-200112-033 // NVD: CVE-2001-0864

CREDITS

This vulnerability was first publicized in a Cisco Security Advisory on November 14th, 2001.

Trust: 0.9

sources: BID: 3536 // CNNVD: CNNVD-200112-033

SOURCES

db:	VULHUB	id:	VHN-3671
db:	BID	id:	3536
db:	CNNVD	id:	CNNVD-200112-033
db:	NVD	id:	CVE-2001-0864

LAST UPDATE DATE

2025-04-03T22:16:57.062000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3671	date:	2017-10-10T00:00:00
db:	BID	id:	3536	date:	2001-11-14T00:00:00
db:	CNNVD	id:	CNNVD-200112-033	date:	2005-10-12T00:00:00
db:	NVD	id:	CVE-2001-0864	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-3671	date:	2001-12-06T00:00:00
db:	BID	id:	3536	date:	2001-11-14T00:00:00
db:	CNNVD	id:	CNNVD-200112-033	date:	2001-12-06T00:00:00
db:	NVD	id:	CVE-2001-0864	date:	2001-12-06T05:00:00