search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Cisco Secure PIX Firewall TCP Reset Vulnerability

Vulnerability Note VU#26825

Original Release Date: 2003-08-21 | Last Revised: 2003-08-21

Overview

A vulnerability in Cisco's Secure PIX Firewall may allow a remote attacker to reset arbitrary TCP sessions.

Description

Cisco describes the Secure PIX Firewall as, "an easy-to-install, integrated hardware/software firewall appliance". A vulnerability in the Secure PIX Firewall may allow a remote attacker to disrupt legitimate connections that have been established through the firewall. For more technical details, please see the Cisco Security Advisory Cisco Secure PIX Firewall TCP Reset Vulnerability.

Impact

A remote attacker can disrupt legitimate connections that have been established through the firewall.

Solution

Upgrade the software on the device as described in Cisco's Security Advisory.

Vendor Information

26825
 
Expand all

Cisco Systems Inc. Affected

Updated:  August 21, 2003

Status

Affected

Vendor Statement

http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2000-0613
Severity Metric: 4.18
Date Public: 2000-07-11
Date First Published: 2003-08-21
Date Last Updated: 2003-08-21 13:51 UTC
Document Revision: 8

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis