CVE-1999-0524

MEDIUM

macOS - Unprotected ICMP Information Exposure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-1999-0524. PoCs published by threatlabindonesia, b1tsec, Ransc0rp1on.

AI-analyzed exploit summary This repository contains a functional Python script that exploits CVE-1999-0524 by sending ICMP Timestamp and Address Mask requests to target systems, potentially exposing sensitive network information or causing DoS attacks. The script includes features for bulk processing, port checking, and logging responses.

Description

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Exploits (3)

nomisec WORKING POC 2 stars
by threatlabindonesia · poc
https://github.com/threatlabindonesia/CVE-1999-0524-ICMP-Timestamp-and-Address-Mask-Request-Exploit

This repository contains a functional Python script that exploits CVE-1999-0524 by sending ICMP Timestamp and Address Mask requests to target systems, potentially exposing sensitive network information or causing DoS attacks. The script includes features for bulk processing, port checking, and logging responses.

Classification
Working Poc 90%
Attack Type
Info Leak | Dos
Complexity
Moderate
Reliability
Reliable
Target: Systems vulnerable to ICMP Timestamp and Address Mask Requests (CVE-1999-0524)
No auth needed
Prerequisites: Administrative privileges for raw socket access · Python 3.x
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SCANNER 1 stars
by b1tsec · poc
https://github.com/b1tsec/CVE-1999-0524

The repository contains a Bash script that scans for systems vulnerable to ICMP Timestamp Request Remote Date Disclosure (CVE-1999-0524) by sending ICMP timestamp requests and checking for responses. It does not exploit the vulnerability but detects its presence.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Systems with ICMP timestamp reply enabled
No auth needed
Prerequisites: hping3 installed · list of target IPs
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by Ransc0rp1on · poc
https://github.com/Ransc0rp1on/ICMP-Timestamp-POC

This repository contains a functional PowerShell script that exploits CVE-1999-0524 by sending ICMP Timestamp Requests to extract remote system time information. The script supports multiple targets, uses tools like nping or hping3, and provides detailed output of the disclosed timestamps.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Systems responding to ICMP Timestamp Requests (ICMP Type 13)
No auth needed
Prerequisites: nping or hping3 installed · network connectivity to target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/322
Broken Link x_refsource_misc
http://descriptions.securescout.com/tc/11010
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/306
Broken Link x_refsource_misc
http://descriptions.securescout.com/tc/11011
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/95
Third Party Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Scores

CVSS v3 4.0
EPSS 0.3159
EPSS Percentile 98.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (14)
apple/mac_os_x
apple/macos
cisco/ios
hp/hp-ux
hp/tru64
ibm/aix
ibm/os2
linux/linux_kernel
microsoft/windows
novell/netware
... and 4 more
Published Aug 01, 1997
Tracked Since Feb 18, 2026