CVE-1999-1306 — Cisco IOS vulnerability

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 60.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS

Timeline

PublishedDec 10

Latest updateApr 30

Description

Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/ios9.1

Patches

Patch: www.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-363m-9h8j-6gw4: Cisco IOS 9↗2022-04-30

▶