Vulnerabilities > CVE-2001-0866 - Unspecified vulnerability in Cisco 12000 Router

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
nessus

Summary

Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.

Vulnerable Configurations

Part Description Count
Hardware
Cisco
1

Nessus

  • NASL familyCISCO
    NASL idCISCO-SA-20011114-GSR-ACLHTTP.NASL
    descriptionSix vulnerabilities involving Access Control List (ACL) has been discovered in multiple releases of Cisco IOS Software Release for Cisco 12000 Series Internet Routers. Not all vulnerabilities are present in all IOS releases and only line cards based on the Engine 2 are affected by them. No other Cisco product is vulnerable. The workarounds are described in the Workarounds section.
    last seen2019-10-28
    modified2010-09-01
    plugin id48959
    published2010-09-01
    reporterThis script is (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48959
    titleMultiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router - Cisco Systems
    code
    #TRUSTED 872a9c11ebdf0af1aadf03c87234a1fb2ee62321e140f4b3bf948d9e51603c6ef066b4758cbcab7fb9335e0059a3cbf1223b12e822f1ed2238af50f57c343b3f508db3ef2a72dd9a4c496d21ab955f42e04a29f6bd238ee821ba68a8b9653b45b75f99dd324d7922cefd62493fadbee0d4d757ce9553a05e4de53ee3fc17bd1b93922f287e68f6a40a5944947ae72820f4bf467bcb8948bd87b5df7fcece2380fae078c04c1865c11bcc6f730cf54c0d55c912fe6143549c97d75441555e85f169f50d4f31992e5810bccdfac68211d3cf8f069d3abd521142f4128ba9cb845dbbad35825193770c0cf8a6f79c3d00bf3428a3fa1128a9a3bdda2ff62c8746bcffb26aca85d418d534bc874c8086789b1edb06545f2c725ab1f36accd29c952ac4ab6fa3bc320dec2d42fecd81606b2027670d7a11c5588506cf8014000ca44e3af17daf71d88fd2bc3c8ca88b8218bba1e15e2d8ce1b3e22c8b8a28ac284089c83bc2d080674f8bf7e28b953b559db0947283722082361351e10dd87438af00d18894e04b3828d030949a3f083fe6da3a407103803a5f5e2816af2ceee3796996ccedefd989b4148b2ca5320f1b4f424169194ac6550459c7a06925440c74e33757fa036e59388c6799ea01c9a2a3c50c6a81d162eb036fe0767a998c825f9cbb090c7f263da39e8622d848625cbc334afa3f3c3b73646d2482a04d96fa6863
    #
    # (C) Tenable Network Security, Inc.
    #
    # Security advisory is (C) CISCO, Inc.
    # See https://www.cisco.com/en/US/products/products_security_advisory09186a00800b168f.shtml
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
     script_id(48959);
     script_version("1.15");
     script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");
     script_cve_id(
      "CVE-2001-0862",
      "CVE-2001-0863",
      "CVE-2001-0864",
      "CVE-2001-0865",
      "CVE-2001-0866",
      "CVE-2001-0867"
     );
     script_bugtraq_id(3535, 3536, 3537, 3538, 3539, 3540, 3542);
     script_name(english:"Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router - Cisco Systems");
     script_summary(english:"Checks the IOS version.");
     script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch");
     script_set_attribute(attribute:"description", value:
    'Six vulnerabilities involving Access Control List (ACL) has been
    discovered in multiple releases of Cisco IOS Software Release for
    Cisco 12000 Series Internet Routers. Not all vulnerabilities are
    present in all IOS releases and only line cards based on the Engine 2
    are affected by them.
    No other Cisco product is vulnerable.
    The workarounds are described in the Workarounds section.
    ');
     # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20011114-gsr-acl
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a3f9163");
     # https://www.cisco.com/en/US/products/products_security_advisory09186a00800b168f.shtml
     script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?6f6e900d");
     script_set_attribute(attribute:"solution", value:
    "Apply the relevant patch referenced in Cisco Security Advisory
    cisco-sa-20011114-gsr-acl.");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2001/11/14");
     script_set_attribute(attribute:"patch_publication_date", value:"2001/11/14");
     script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01");
    
     script_end_attributes();
     script_xref(name:"CISCO-BUG-ID", value:"CSCddm44976");
     script_xref(name:"CISCO-BUG-ID", value:"CSCdm4476");
     script_xref(name:"CISCO-BUG-ID", value:"CSCdm44976");
     script_xref(name:"CISCO-BUG-ID", value:"CSCdt69741");
     script_xref(name:"CISCO-BUG-ID", value:"CSCdt96370");
     script_xref(name:"CISCO-BUG-ID", value:"CSCdu03323");
     script_xref(name:"CISCO-BUG-ID", value:"CSCdu35175");
     script_xref(name:"CISCO-BUG-ID", value:"CSCdu57417");
     script_xref(name:"CISCO-SA", value:"cisco-sa-20011114-gsr-acl");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc.");
     script_family(english:"CISCO");
     script_dependencie("cisco_ios_version.nasl");
     script_require_keys("Host/Cisco/IOS/Version");
     exit(0);
    }
    include("audit.inc");
    include("cisco_func.inc");
    include("cisco_kb_cmd_func.inc");
    
    flag = 0;
    report_extra = "";
    version = get_kb_item_or_exit("Host/Cisco/IOS/Version");
    override = 0;
    
    # Vulnerability CSCdm4476
    # Affected: 12.0S
    if (check_release(version: version,
                      patched: make_list("12.0(10.1)S", "12.0(11)S"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    
    # Vulnerability CSCdu57417
    # Affected: 12.0S
    if (check_release(version: version,
                      patched: make_list("12.0(19)S", "12.0(19.3)S"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    # Affected: 12.0ST
    if (check_release(version: version,
                      patched: make_list("12.0(18.6)ST1", "12.0(19.3)ST", "12.0(19)ST"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    
    # Vulnerability CSCdu03323
    # Affected: 12.0S
    if (check_release(version: version,
                      patched: make_list("12.0(16)S2", "12.0(17)S", "12.0(17.5)S"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    # Affected: 12.0ST
    if (check_release(version: version,
                      patched: make_list("12.0(16.6)ST1", "12.0(17)ST", "12.0(17.5)ST"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    
    # Vulnerability CSCdu03323
    # Affected: 12.0S
    if (check_release(version: version,
                      patched: make_list("12.0(16)S2", "12.0(17)S", "12.0(17.5)S"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    # Affected: 12.0ST
    if (check_release(version: version,
                      patched: make_list("12.0(16.6)ST1", "12.0(17)ST", "12.0(17.5)ST"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    
    # Vulnerability CSCdu35175
    # Affected: 12.0S
    if (check_release(version: version,
                      patched: make_list("12.0(19.6)S"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    # Affected: 12.0ST
    if (check_release(version: version,
                      patched: make_list("12.0(19.6)ST"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    
    # Vulnerability CSCdt96370
    # Affected: 12.0S
    if (check_release(version: version,
                      patched: make_list("12.0(16)S1", "12.0(17)S", "12.0(17.1)S"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    # Affected: 12.0ST
    if (check_release(version: version,
                      patched: make_list("12.0(15.6)ST3", "12.0(16)ST", "12.0(17.1)ST"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    
    # Vulnerability CSCdt69741
    # Affected: 12.0S
    if (check_release(version: version,
                      patched: make_list("12.0(16.6)S2", "12.0(17)S", "12.0(17.3)S"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    # Affected: 12.0ST
    if (check_release(version: version,
                      patched: make_list("12.0(17.3)ST", "12.0(18)ST"))) {
     report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++;
    }
    
    if (get_kb_item("Host/local_checks_enabled"))
    {
      if (flag)
      {
        flag = 0;
        buf = cisco_command_kb_item("Host/Cisco/Config/show_diag", "show diag");
        if (check_cisco_result(buf))
        {
          if (preg(pattern:"L3\s+Engine:\s+2", multiline:TRUE, string:buf)) { flag = 1; }
        } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
      }
    }
    
    if (flag)
    {
      security_hole(port:0, extra:report_extra + cisco_caveat(override));
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
    
  • NASL familyCISCO
    NASL idCISCO_GSR_ACL.NASL
    descriptionhttp://www.nessus.org/u?1a3f9163
    last seen2020-06-01
    modified2020-06-02
    plugin id10970
    published2002-06-05
    reporterThis script is (C) 2002-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10970
    titleCisco 12000 Series Routers Multiple Vulnerabilities (DoS, ACL Bypass)