CVE-1999-0775 in IOS
Summary
by MITRE
Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 04/19/2026
The vulnerability identified as CVE-1999-0775 affects Cisco Gigabit Switch routers operating on IOS software, representing a significant security flaw in network access control mechanisms. This issue stems from the improper processing of the "established" keyword within access control lists, which are fundamental components for controlling network traffic flow and enforcing security policies. The flaw allows remote attackers to bypass intended access restrictions and forward unauthorized packets through the affected network infrastructure.
The technical root cause of this vulnerability lies in how the IOS software interprets and applies the "established" keyword within access control list configurations. This keyword is typically used to permit traffic that is part of an established connection, but the implementation contains a logic error that fails to properly validate packet forwarding decisions. When an attacker crafts specific network packets that exploit this misinterpretation, the system incorrectly processes these packets as legitimate traffic that should be forwarded. This misconfiguration creates a pathway for unauthorized network access that bypasses normal security controls, effectively allowing malicious actors to traverse network boundaries that should remain protected.
The operational impact of CVE-1999-0775 extends beyond simple unauthorized packet forwarding, as it fundamentally compromises the integrity of network access control policies. Attackers can leverage this vulnerability to gain access to internal network segments that should be protected from external threats, potentially leading to data exfiltration, network disruption, or further lateral movement within the compromised network. The remote nature of the attack means that adversaries do not require physical access to the network infrastructure, making the vulnerability particularly dangerous in environments where network security is paramount. This flaw directly violates the principle of least privilege and can result in complete network compromise if not addressed promptly.
Network administrators and security professionals should prioritize patching affected Cisco Gigabit Switch routers with the appropriate IOS updates that correct the access list processing logic. The vulnerability aligns with CWE-284, which addresses improper access control mechanisms, and represents a classic example of how flawed input validation can lead to security bypasses. From an ATT&CK framework perspective, this vulnerability maps to techniques involving network sniffing and traffic manipulation, potentially enabling adversaries to establish persistent network access. Organizations should conduct immediate vulnerability assessments to identify all affected devices and implement network segmentation strategies to limit the potential impact of such attacks. Additionally, monitoring network traffic for anomalous packet forwarding patterns can help detect exploitation attempts and provide early warning of potential compromise.