Vulnerability Description
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | <= 11.2 |
References
- http://www.ciac.org/ciac/bulletins/i-054.shtmlPatchVendor Advisory
- http://www.cisco.com/warp/public/770/wccpauth-pub.shtmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1577
- http://www.ciac.org/ciac/bulletins/i-054.shtmlPatchVendor Advisory
- http://www.cisco.com/warp/public/770/wccpauth-pub.shtmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1577
FAQ
What is CVE-1999-1175?
CVE-1999-1175 is a vulnerability with a CVSS score of 7.5 (HIGH). Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP p...
How severe is CVE-1999-1175?
CVE-1999-1175 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1175?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios.