search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Cisco Secure PIX Firewall TCP Reset Vulnerability

Vulnerability Note VU#26825

Original Release Date: 2003-08-21 | Last Revised: 2003-08-21

Overview

A vulnerability in Cisco's Secure PIX Firewall may allow a remote attacker to reset arbitrary TCP sessions.

Description

Cisco describes the Secure PIX Firewall as, "an easy-to-install, integrated hardware/software firewall appliance". A vulnerability in the Secure PIX Firewall may allow a remote attacker to disrupt legitimate connections that have been established through the firewall. For more technical details, please see the Cisco Security Advisory Cisco Secure PIX Firewall TCP Reset Vulnerability.

Impact

A remote attacker can disrupt legitimate connections that have been established through the firewall.

Solution

Upgrade the software on the device as described in Cisco's Security Advisory.

Vendor Information

26825
Expand all

Cisco Systems Inc.

Updated:  August 21, 2003

Status

  Vulnerable

Vendor Statement

http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2000-0613
Severity Metric: 4.18
Date Public: 2000-07-11
Date First Published: 2003-08-21
Date Last Updated: 2003-08-21 13:51 UTC
Document Revision: 8

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.