Vulnerability Description
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | 12000 Router | All versions |
References
- http://www.ciac.org/ciac/bulletins/m-018.shtml
- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
- http://www.iss.net/security_center/static/7554.php
- http://www.osvdb.org/1984
- http://www.securityfocus.com/bid/3537
- http://www.ciac.org/ciac/bulletins/m-018.shtml
- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
- http://www.iss.net/security_center/static/7554.php
- http://www.osvdb.org/1984
- http://www.securityfocus.com/bid/3537
FAQ
What is CVE-2001-0866?
CVE-2001-0866 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could all...
How severe is CVE-2001-0866?
CVE-2001-0866 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0866?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco 12000 Router.