CVE-ID

CVE-1999-1466

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20010831 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20010912)
Votes (Legacy)
ACCEPT(3) Cole, Foat, Stracener
MODIFY(1) Frech
NOOP(2) Christey, Wall
Comments (Legacy)
 Frech> XF:cisco-acl-established(1248)
   Possible dupe with CVE-1999-0162.
 Christey> This is not a dupe with CVE-1999-0162.  The Cisco advisory
   referenced in CVE-1999-0162 says that affected Cisco versions
   are 10.0 through 10.3.  This CAN deals with versions 8.2
   through 9.1.  In addition, the date of release of
   CVE-1999-0162 is June 1995; this CAN was released December
   1992.  Both items include clear Cisco acknowledgement with
   details, so we should conclude that  they are separate
   problems, despite the vagueness of the reports.

Proposed (Legacy)
20010912
This is an entry on the CVE list, which standardizes names for security problems.