PT-1999-1602 · Cisco · Cisco Cache Engine+1

Published

1999-12-31

Updated

2017-10-10

CVE-1999-1175

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco Cache Engine for Cisco IOS versions prior to 11.2

Description The issue concerns the Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS, which does not utilize authentication. This lack of authentication allows remote attackers to redirect HTTP traffic to arbitrary hosts by sending WCCP packets to UDP port 2048.

Recommendations For Cisco Cache Engine for Cisco IOS versions prior to 11.2, consider implementing authentication for WCCP to prevent unauthorized redirection of HTTP traffic. As a temporary workaround, restrict access to UDP port 2048 to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1175

Affected Products

Cisco Cache Engine

Cisco Ios

PT-1999-1602 · Cisco · Cisco Cache Engine+1

CVE-1999-1175

Related Identifiers

Affected Products

References · 4