Details of VAR-200112-0003

ID

VAR-200112-0003

CVE

CVE-2001-0865

TITLE

Cisco 12000 Series Turbo ACL Fragment Bypass Vulnerability

Trust: 0.9

sources: BID: 3540 // CNNVD: CNNVD-200112-029

DESCRIPTION

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. Cisco IOS is the router firmware included with numerous devices manufactured by Cisco Systems. The keyword "fragment" in a compiled (turbo) ACL will be ignored when evaluating packets that are addressed to the router itself. Cisco has assigned Vulnerability CSCdu57417 to this issue. Fragmented packets violate expected access

Trust: 1.26

sources: NVD: CVE-2001-0865 // BID: 3540 // VULHUB: VHN-3672

AFFECTED PRODUCTS

vendor:	cisco	model:	12000 router	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	12000 router	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.0st	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.0s	scope:	-	version:	-	Trust: 0.3

sources: BID: 3540 // CNNVD: CNNVD-200112-029 // NVD: CVE-2001-0865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0865
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200112-029
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3672
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0865
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3672
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-3672 // CNNVD: CNNVD-200112-029 // NVD: CVE-2001-0865

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-029

TYPE

Design Error

Trust: 0.9

sources: BID: 3540 // CNNVD: CNNVD-200112-029

EXTERNAL IDS

db:	BID	id:	3540	Trust: 2.0
db:	NVD	id:	CVE-2001-0865	Trust: 1.7
db:	OSVDB	id:	1988	Trust: 1.7
db:	CNNVD	id:	CNNVD-200112-029	Trust: 0.7
db:	CISCO	id:	20011114 MULTIPLE VULNERABILITIES IN ACCESS CONTROL LIST IMPLEMENTATION FOR CISCO 12000 SERIES INTERNET ROUTER	Trust: 0.6
db:	XF	id:	7552	Trust: 0.6
db:	CIAC	id:	M-018	Trust: 0.6
db:	VULHUB	id:	VHN-3672	Trust: 0.1

sources: VULHUB: VHN-3672 // BID: 3540 // CNNVD: CNNVD-200112-029 // NVD: CVE-2001-0865

REFERENCES

url:	http://www.securityfocus.com/bid/3540	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/m-018.shtml	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/gsr-acl-pub.shtml	Trust: 1.7
url:	http://www.osvdb.org/1988	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7552	Trust: 1.1
url:	http://xforce.iss.net/static/7552.php	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/sec_incident_response.shtml	Trust: 0.3

sources: VULHUB: VHN-3672 // BID: 3540 // CNNVD: CNNVD-200112-029 // NVD: CVE-2001-0865

CREDITS

This vulnerability was first published in a Cisco Security Advisory on November 14th, 2001.

Trust: 0.9

sources: BID: 3540 // CNNVD: CNNVD-200112-029

SOURCES

db:	VULHUB	id:	VHN-3672
db:	BID	id:	3540
db:	CNNVD	id:	CNNVD-200112-029
db:	NVD	id:	CVE-2001-0865

LAST UPDATE DATE

2025-04-03T22:16:57.112000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3672	date:	2017-10-10T00:00:00
db:	BID	id:	3540	date:	2001-11-14T00:00:00
db:	CNNVD	id:	CNNVD-200112-029	date:	2005-10-12T00:00:00
db:	NVD	id:	CVE-2001-0865	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-3672	date:	2001-12-06T00:00:00
db:	BID	id:	3540	date:	2001-11-14T00:00:00
db:	CNNVD	id:	CNNVD-200112-029	date:	2001-12-06T00:00:00
db:	NVD	id:	CVE-2001-0865	date:	2001-12-06T05:00:00