CVE-1999-1582

critical

Description

By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/8052

http://www.kb.cert.org/vuls/id/6733

http://www.cisco.com/warp/public/707/pixest-pub.shtml

Details

Source: Mitre, NVD

Published: 1998-07-15

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00508