A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. Note: This vulnerability has been publicly discussed as NAT Slipstreaming.
History

Thu, 07 Nov 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-09-23T02:30:50.538291Z

Updated: 2024-11-07T21:51:40.735Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1616

cve-icon Vulnrichment

Updated: 2024-08-03T16:18:10.302Z

cve-icon NVD

Status : Modified

Published: 2021-09-23T03:15:12.627

Modified: 2023-11-07T03:28:47.623

Link: CVE-2021-1616

cve-icon Redhat

No data.