CVE-1999-1100

Published Dec 31, 1999

Last updated 7 years ago

Overview

Description: Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:pix_private_link:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E124299F-F51D-4603-B0E8-10E542360372",
            "versionEndIncluding": "4.1\\(6\\)"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References