CVE-1999-1152: Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed
Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack.
AI Analysis
Technical Summary
CVE-1999-1152 is a vulnerability in the Compaq/Microcom 6000 Access Integrator firmware. The system does not disconnect or lock out a client after multiple failed login attempts, so a remote attacker can keep guessing usernames or passwords without interruption. The vulnerability is classified under CWE-307 (improper restriction of excessive authentication attempts). The CVSS 3.1 base score is 7.5 (high severity), with a network (remote) attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is primarily on confidentiality, as successful brute forcing can lead to unauthorized access to the system; there is no indication of impact on integrity or availability. No patches are available for this vulnerability, and no known exploits have been reported in the wild. The affected product is legacy firmware for the Compaq/Microcom 6000 Access Integrator, a device used historically for network access integration and management. Given the age of the vulnerability (published in 1998), affected systems are likely legacy or out of service in many environments, but some industrial or specialized networks may still use them.
Potential Impact
For European organizations, the primary impact of this vulnerability is unauthorized access due to brute force attacks on network access devices running the vulnerable firmware. If exploited, attackers could gain access to network management interfaces or sensitive network infrastructure components, potentially leading to further lateral movement or data exposure. Confidentiality is at risk as attackers may obtain valid credentials. Although there is no direct impact on system integrity or availability, unauthorized access can lead to indirect consequences such as configuration changes or data leakage. Organizations in sectors with legacy infrastructure, such as industrial control systems, telecommunications, or government networks, may be more vulnerable if these devices remain in use. The lack of patch availability means organizations must rely on compensating controls. The threat is heightened by the fact that no authentication or user interaction is required to attempt exploitation, making remote brute force attacks feasible over the network.
Mitigation Recommendations
Given the absence of official patches, European organizations should implement compensating controls to mitigate this vulnerability. These include:
1) Network segmentation and isolation of legacy Compaq/Microcom 6000 Access Integrator devices to restrict access only to trusted management networks.
2) Deployment of intrusion detection/prevention systems (IDS/IPS) to monitor and block repeated failed login attempts or brute force patterns targeting these devices.
3) Implementation of strong password policies and use of complex, non-default credentials to reduce the likelihood of successful brute force attacks.
4) Use of VPNs or secure tunnels with multi-factor authentication for remote access to these devices to add an additional layer of authentication.
5) Regular auditing and monitoring of login attempts and access logs to detect suspicious activity early.
6) Where possible, replacement or upgrade of legacy devices to modern, supported hardware and firmware that include brute force protections and account lockout mechanisms.
7) Limiting network exposure of these devices by firewall rules to only allow management access from specific IP addresses or subnets.
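The monitoring called for in items 2 and 5 can be done outside the device with a sliding-window count of failed logins per source. The following is an added example, not part of the original advisory; the log format, field names, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical key=value format
# (not the Access Integrator's own log output).
SAMPLE_LOG = """\
2025-01-10T08:00:00 src=10.0.0.20 dst=192.0.2.10 user=ops result=fail
2025-01-10T08:00:05 src=10.0.0.20 dst=192.0.2.10 user=ops result=ok
2025-01-10T08:01:00 src=198.51.100.7 dst=192.0.2.10 user=admin result=fail
2025-01-10T08:01:02 src=198.51.100.7 dst=192.0.2.10 user=admin result=fail
2025-01-10T08:01:04 src=198.51.100.7 dst=192.0.2.10 user=root result=fail
2025-01-10T08:01:06 src=198.51.100.7 dst=192.0.2.10 user=root result=fail
2025-01-10T08:01:08 src=198.51.100.7 dst=192.0.2.10 user=ops result=fail
2025-01-10T08:01:10 src=198.51.100.7 dst=192.0.2.10 user=ops result=fail
2025-01-10T08:03:00 src=198.51.100.7 dst=192.0.2.10 user=ops result=ok
"""

def parse(line):
    """Split one event line into a dict with a parsed 'ts' timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, src, dst, ts) alerts for time-ordered login events."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps of recent failures
    flagged = set()              # pairs that already reached the threshold
    alerts = []
    for line in filter(str.strip, lines):
        r = parse(line)
        key = (r["src"], r["dst"])
        q = recent[key]
        while q and r["ts"] - q[0] > window:  # drop failures outside the window
            q.popleft()
        if r["result"] == "fail":
            q.append(r["ts"])
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("bruteforce", *key, r["ts"]))
        elif r["result"] == "ok" and key in flagged:
            # A success from a source that was guessing is the case to triage first.
            alerts.append(("success_after_bruteforce", *key, r["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Because the device itself never disconnects the client, guesses spaced wider than the window stay below this threshold; a longer second window or a per-day failure count covers that case.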
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Threat ID: 682ca32bb6fd31d6ed7de9d5
Added to database: 5/20/2025, 3:43:39 PM
Last enriched: 6/29/2025, 10:40:35 PM
Last updated: 8/15/2025, 5:02:56 AM