Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-1999-0524

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.0, requiring local system access to exploit with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts limited integrity, for affected systems. Impacting 14 products from apple, from apple, from cisco and 11 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 1997, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

1997-08-01T04:00:00.000

Last Modified

2026-05-28T18:16:21.263

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200
NVD-CWE-noinfo
Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	apple	mac_os_x	-	Yes
Operating System	apple	macos	-	Yes
Operating System	cisco	ios	-	Yes
Operating System	hp	hp-ux	-	Yes
Operating System	hp	tru64	-	Yes
Operating System	ibm	aix	-	Yes
Operating System	ibm	os2	-	Yes
Operating System	linux	linux_kernel	-	Yes
Operating System	microsoft	windows	-	Yes
Operating System	novell	netware	-	Yes
Operating System	oracle	solaris	-	Yes
Operating System	sco	sco_unix	-	Yes
Operating System	sgi	irix	-	Yes
Operating System	windriver	bsdos	-	Yes

References

http://descriptions.securescout.com/tc/11010 Broken Link ([email protected])
http://descriptions.securescout.com/tc/11011 Broken Link ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory ([email protected])
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434 Third Party Advisory ([email protected])
http://www.osvdb.org/95 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/306 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/322 Third Party Advisory, VDB Entry ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10053 Broken Link ([email protected])
http://descriptions.securescout.com/tc/11010 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://descriptions.securescout.com/tc/11011 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1434 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/95 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/306 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/322 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://kc.mcafee.com/corporate/index?page=content&id=SB10053 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K15277 (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For apple's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.