A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. Note: This vulnerability has been publicly discussed as NAT Slipstreaming.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2021-09-23T02:30:50.538291Z
Updated: 2024-11-07T21:51:40.735Z
Reserved: 2020-11-13T00:00:00
Link: CVE-2021-1616
Vulnrichment
Updated: 2024-08-03T16:18:10.302Z
NVD
Status : Modified
Published: 2021-09-23T03:15:12.627
Modified: 2023-11-07T03:28:47.623
Link: CVE-2021-1616
Redhat
No data.