CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS Percentile: 48.7%

Cisco Carrier Routing System contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security protections and gain unauthorized network access.
The vulnerability is due to improper handling of IP version 4 (IPv4) fragments in the affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious requests to the device. When processed, the requests could bypass access control entries (ACEs), allowing the attacker to send network requests to restricted network segments.
Cisco has confirmed this vulnerability and released software updates.
The vulnerability affects only systems that use ACLs to restrict access to specific network segments or hosts and only for noninitial IPv4 fragments. This vulnerability does not apply to nonfragments or to the initial fragment.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
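
The advisory scopes the issue to noninitial IPv4 fragments, as opposed to nonfragments and initial fragments. The following added example (not Cisco's code, and not part of the advisory) classifies raw IPv4 headers into those three cases and flags noninitial fragments addressed to a protected segment for review; the `RESTRICTED` prefix, the function names and the sample headers are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: the segment the ACL is meant to protect (constructed, RFC 5737 range).
RESTRICTED = ipaddress.ip_network("192.0.2.0/24")


def classify(header: bytes) -> str:
    """Return 'nonfragment', 'initial' or 'noninitial' for a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_off,) = struct.unpack_from("!H", header, 6)
    more_fragments = bool(flags_off & 0x2000)  # MF bit
    offset = flags_off & 0x1FFF                # fragment offset, in 8-byte units
    if offset:
        # Any nonzero offset means the layer-4 header is not in this packet,
        # so port-based matching has nothing to inspect.
        return "noninitial"
    return "initial" if more_fragments else "nonfragment"


def needs_review(header: bytes) -> bool:
    """True for a noninitial fragment addressed to the restricted segment."""
    dst = ipaddress.ip_address(header[16:20])
    return classify(header) == "noninitial" and dst in RESTRICTED


def make_header(dst: str, mf: bool, offset: int) -> bytes:
    """Build a constructed 20-byte IPv4 header as sample input (checksum left 0)."""
    flags_off = (0x2000 if mf else 0) | (offset & 0x1FFF)
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 40, 1, flags_off, 64, 17, 0,
        ipaddress.ip_address("198.51.100.7").packed,  # constructed source
        ipaddress.ip_address(dst).packed,
    )


if __name__ == "__main__":
    samples = [  # constructed sample headers, not captured traffic
        make_header("192.0.2.10", mf=False, offset=0),
        make_header("192.0.2.10", mf=True, offset=0),
        make_header("192.0.2.10", mf=True, offset=185),
        make_header("203.0.113.5", mf=False, offset=370),
    ]
    for hdr in samples:
        print(classify(hdr), needs_review(hdr))
```
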
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | carrier_routing_system | any | cpe:2.3:a:cisco:carrier_routing_system:any:*:*:*:*:*:*:* |