PT-1997-1000 · Cisco+4 · Cisco Ios+7
Published: 1997-09-19 · Updated: 2022-08-17
CVE-1999-0667
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS (affected versions not specified)
Zyxel ZyWALL USG 300 (affected versions not specified)
D-Link DSR-1000 (affected versions not specified)
D-Link DSR-500 (affected versions not specified)
D-Link DSR-250 (affected versions not specified)
D-Link DSR-150 (affected versions not specified)
FANUC 32i (affected versions not specified)
Windows (affected versions not specified)
Description
The affected software does not authenticate ARP packets, which allows an attacker to conduct ARP spoofing attacks. This can lead to the interception of network traffic, IP address spoofing, or denial of service. By sending fake ARP replies, the attacker can poison the ARP cache and redirect network packets to a different node. This vulnerability can be exploited to intercept and modify network services used by the affected devices.
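The cache poisoning described above shows up on the wire as a sender IP address that is suddenly claimed by a different MAC address. The following detection sketch is an added example, not part of the original advisory or any vendor's code; it assumes the input is a sequence of captured Ethernet/IPv4 ARP payloads (Ethernet header already stripped), that the first-seen or pinned binding is the legitimate one, and the function names and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # Ethernet/IPv4 ARP payload layout, 28 bytes (RFC 826)
ARP_LEN = struct.calcsize(ARP_FMT)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return oper, sha.hex(":"), str(ipaddress.IPv4Address(spa))

def find_binding_changes(payloads, pinned=None):
    """Flag sender IP-to-MAC claims that contradict an earlier or pinned binding."""
    seen = dict(pinned or {})          # ip -> MAC treated as legitimate (assumption)
    alerts = []
    for index, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue                   # truncated or non-IPv4 ARP: not evaluated
        _oper, mac, ip = parsed
        known = seen.setdefault(ip, mac)
        if known != mac:
            alerts.append({"packet": index, "ip": ip,
                           "expected": known, "claimed": mac})
    return alerts

# Constructed sample payloads (documentation IPs, locally administered MACs).
SAMPLE = [
    # reply: 192.0.2.1 is-at 02:00:00:00:00:01
    bytes.fromhex("0001080006040002" "020000000001" "c0000201" "020000000010" "c000020a"),
    # request from 192.0.2.10 asking for 192.0.2.1
    bytes.fromhex("0001080006040001" "020000000010" "c000020a" "000000000000" "c0000201"),
    # reply: 192.0.2.1 is-at 02:00:00:00:00:66 (contradicts the first binding)
    bytes.fromhex("0001080006040002" "020000000066" "c0000201" "020000000010" "c000020a"),
    # truncated payload, ignored by the parser
    bytes.fromhex("00010800"),
]

if __name__ == "__main__":
    for alert in find_binding_changes(SAMPLE):
        print(alert)
```

A legitimate address change (DHCP reassignment, failover) raises the same alert, so in practice the `pinned` map would be seeded from an inventory of known gateway and server bindings.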
Recommendations
For Cisco IOS, consider implementing ARP packet authentication mechanisms to prevent spoofing attacks.
For Zyxel ZyWALL USG 300, restrict access to the device's ARP table to minimize the risk of exploitation.
For D-Link DSR-1000, D-Link DSR-500, D-Link DSR-250, and D-Link DSR-150, disable ARP packet forwarding until a patch is available.
For FANUC 32i, implement network segmentation to limit the spread of spoofed ARP packets.
For Windows, enable ARP packet authentication or use alternative security measures to prevent ARP spoofing attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Affected Products
Cisco Ios
Dsr-1000
Dsr-150
Dsr-250
Dsr-500
Fanuc 32I
Windows
Zywall Usg 300