ID CVE-1999-1100 Type cve Reporter cve@mitre.org Modified 2017-10-10T01:29:00
Description
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
{"id": "CVE-1999-1100", "bulletinFamily": "NVD", "title": "CVE-1999-1100", "description": "Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.", "published": "1999-12-31T05:00:00", "modified": "2017-10-10T01:29:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1100", "reporter": "cve@mitre.org", "references": ["http://www.cisco.com/warp/public/770/pixkey-pub.shtml", "https://exchange.xforce.ibmcloud.com/vulnerabilities/1579", "http://ciac.llnl.gov/ciac/bulletins/i-056.shtml"], "cvelist": ["CVE-1999-1100"], "type": "cve", "lastseen": "2021-02-02T05:19:01", "edition": 6, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:7635"]}], "modified": "2021-02-02T05:19:01", "rev": 2}, "score": {"value": 4.3, "vector": "NONE", "modified": "2021-02-02T05:19:01", "rev": 2}, "vulnersScore": 4.3}, "cpe": ["cpe:/a:cisco:pix_private_link:4.1\\(6\\)"], "affectedSoftware": [{"cpeName": "cisco:pix_private_link", "name": "cisco pix private link", "operator": "le", "version": "4.1\\(6\\)"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:cisco:pix_private_link:4.1\\(6\\):*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:pix_private_link:4.1\\(6\\):*:*:*:*:*:*:*", "versionEndIncluding": "4.1\\(6\\)", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "cisco-pix-parse-error(1579)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1579"}, {"name": "I-056", "refsource": "CIAC", "tags": [], "url": "http://ciac.llnl.gov/ciac/bulletins/i-056.shtml"}, {"name": "19980616 PIX Private Link Key Processing and Cryptography Issues", "refsource": "CISCO", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/warp/public/770/pixkey-pub.shtml"}]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:02", "bulletinFamily": "software", "cvelist": ["CVE-1999-1100"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.cisco.com/warp/public/770/pixkey-pub.shtml)\nISS X-Force ID: 1579\n[CVE-1999-1100](https://vulners.com/cve/CVE-1999-1100)\nCIAC Advisory: i-056\n", "modified": "1998-01-04T00:00:00", "published": "1998-01-04T00:00:00", "id": "OSVDB:7635", "href": "https://vulners.com/osvdb/OSVDB:7635", "title": "Cisco PIX Private Link DES Key Disclosure", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
