Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
EPSS | 0.001 Low |
EPSS Percentile | 47.6% |

A vulnerability in the Object-ACL matching process of Cisco Aggregation Services Router 9000 (ASR9K) could allow an unauthenticated, remote attacker to bypass the protection offered by a configured access control list (ACL) on an affected device.
The vulnerability is due to the ASR9K incorrectly handling host access control entries: it matches any address instead of the specified host address. An attacker could exploit this vulnerability to bypass the access control list, leading to traffic loss or unwanted permits.
Cisco has confirmed the vulnerability and released software updates.
The impact of an exploit depends on the ACLs in use on the affected system. Attackers who could bypass the configured ACLs could gain access to restricted network resources, possibly resulting in access to critical systems. Affected systems are not impacted if no ACLs are configured, or if the configured ACLs do not use host values.
Specialized exploit code is not required to exploit the vulnerability.
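Since exposure depends on whether configured ACLs use host values, the following added example (not part of the advisory and not Cisco code) audits a saved configuration for ACLs with inline `host` entries or with references to object-groups that contain a `host` member. The IOS XR-style syntax it parses (`object-group network`, `net-group`, `ipv4 access-list`), the sample configuration and all names in it are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration (assumed IOS XR-style syntax, not from the advisory).
SAMPLE_CONFIG = """\
object-group network ipv4 MGMT-HOSTS
 host 192.0.2.10
 198.51.100.0/24
!
object-group network ipv4 BRANCH-NETS
 203.0.113.0/25
!
ipv4 access-list EDGE-IN
 10 permit ipv4 net-group MGMT-HOSTS any
 20 deny ipv4 any any
!
ipv4 access-list CORE-IN
 5 remark traffic from branch host ranges
 10 permit ipv4 net-group BRANCH-NETS any
!
ipv4 access-list VTY-IN
 10 permit tcp host 192.0.2.20 any eq 22
!
"""

def parse_blocks(config, header_re):
    """Map block name -> tokenized, indented body lines for matching headers."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level line starts or ends a block
            m = re.match(header_re, line)
            current = blocks.setdefault(m.group(1), []) if m else None
        elif current is not None and line.split():
            current.append(line.split())
    return blocks

def acls_with_host_entries(config):
    """Return {acl_name: [reasons]} for ACLs that rely on host values."""
    groups = parse_blocks(config, r"object-group network ipv[46] (\S+)")
    acls = parse_blocks(config, r"ipv[46] access-list (\S+)")
    host_groups = {g for g, rows in groups.items() if any(r[0] == "host" for r in rows)}
    findings = {}
    for acl, rows in acls.items():
        for row in rows:
            if row[1:2] == ["remark"]:        # free text, may contain the word "host"
                continue
            if "host" in row:
                findings.setdefault(acl, []).append(f"seq {row[0]}: inline host entry")
            for i, tok in enumerate(row[:-1]):
                if tok == "net-group" and row[i + 1] in host_groups:
                    findings.setdefault(acl, []).append(f"seq {row[0]}: net-group {row[i + 1]} has a host member")
    return findings
```

An empty result corresponds to the "ACLs do not use host values" condition above; it says nothing about the installed software release, and nested object-groups are not resolved.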
CPE

Name | Operator | Version |
---|---|---|
cisco asr 9000 series aggregation services routers | eq | any |
cisco asr | eq | 9000 Series Aggregation Services Routers |