exploitDog

CVE-1999-1175

Опубликовано: 31 дек. 1999

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.

Ссылки

http://www.ciac.org/ciac/bulletins/i-054.shtml
Patch
Vendor Advisory
http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/1577
http://www.ciac.org/ciac/bulletins/i-054.shtml
Patch
Vendor Advisory
http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/1577

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*

Версия до 11.2 (включая)

EPSS

Процентиль: 74%

0.00871

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2qg5-3mg4-mrr4

github

около 3 лет назад

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.

EPSS

Процентиль: 74%

0.00871

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other