{"api_version":"1","generated_at":"2026-04-22T23:21:44+00:00","cve":"CVE-2001-0864","urls":{"html":"https://cve.report/CVE-2001-0864","api":"https://cve.report/api/cve/CVE-2001-0864.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2001-0864","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2001-0864"},"summary":{"title":"CVE-2001-0864","description":"Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit \"deny ip any any\" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.","state":"PUBLISHED","assigner":"mitre","published_at":"2001-12-06 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/bid/3536","name":"http://www.securityfocus.com/bid/3536","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco 12000 Series Internet Router ACL Failure To Drop Packets Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.ciac.org/ciac/bulletins/m-018.shtml","name":"http://www.ciac.org/ciac/bulletins/m-018.shtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml","name":"http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Cisco Security Advisory: Multiple vulnerabilities in Access Control List \r\nimplementation for Cisco 12000 Series Internet Router","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7553","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7553","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/1986","name":"http://www.osvdb.org/1986","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"403"},{"url":"https://www.cve.org/CVERecord?id=CVE-2001-0864","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2001-0864","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2001","cve_id":"864","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"12000_router","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2001-0864","qid":"317196","title":"Cisco Internetwork Operating System (IOS) Access Control List Implementation Vulnerability (cisco-sa-20011114-gsr-acl)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T04:37:06.408Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"M-018","tags":["third-party-advisory","government-resource","x_refsource_CIAC","x_transferred"],"url":"http://www.ciac.org/ciac/bulletins/m-018.shtml"},{"name":"20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml"},{"name":"1986","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/1986"},{"name":"cisco-acl-deny-ip(7553)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7553"},{"name":"3536","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/3536"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2001-11-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit \"deny ip any any\" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-03-02T00:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"M-018","tags":["third-party-advisory","government-resource","x_refsource_CIAC"],"url":"http://www.ciac.org/ciac/bulletins/m-018.shtml"},{"name":"20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml"},{"name":"1986","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/1986"},{"name":"cisco-acl-deny-ip(7553)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7553"},{"name":"3536","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/3536"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2001-0864","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit \"deny ip any any\" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"M-018","refsource":"CIAC","url":"http://www.ciac.org/ciac/bulletins/m-018.shtml"},{"name":"20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router","refsource":"CISCO","url":"http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml"},{"name":"1986","refsource":"OSVDB","url":"http://www.osvdb.org/1986"},{"name":"cisco-acl-deny-ip(7553)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7553"},{"name":"3536","refsource":"BID","url":"http://www.securityfocus.com/bid/3536"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2001-0864","datePublished":"2002-03-09T05:00:00.000Z","dateReserved":"2001-11-22T00:00:00.000Z","dateUpdated":"2024-08-08T04:37:06.408Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2001-12-06 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:12000_router:*:*:*:*:*:*:*:*","matchCriteriaId":"978CC32A-55A9-4DAE-B2A4-9FE41FC9497D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2001","CveId":"864","Ordinal":"1","Title":"CVE-2001-0864","CVE":"CVE-2001-0864","Year":"2001"},"notes":[{"CveYear":"2001","CveId":"864","Ordinal":"1","NoteData":"Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit \"deny ip any any\" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.","Type":"Description","Title":"CVE-2001-0864"},{"CveYear":"2001","CveId":"864","Ordinal":"2","NoteData":"2002-03-09","Type":"Other","Title":"Published"},{"CveYear":"2001","CveId":"864","Ordinal":"3","NoteData":"2009-03-01","Type":"Other","Title":"Modified"}]}}}