Vulnerability Description
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Pix Private Link | <= 4.1\(6\) |
References
- http://ciac.llnl.gov/ciac/bulletins/i-056.shtml
- http://www.cisco.com/warp/public/770/pixkey-pub.shtmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1579
- http://ciac.llnl.gov/ciac/bulletins/i-056.shtml
- http://www.cisco.com/warp/public/770/pixkey-pub.shtmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1579
FAQ
What is CVE-1999-1100?
CVE-1999-1100 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, whic...
How severe is CVE-1999-1100?
CVE-1999-1100 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1100?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Pix Private Link.