Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20151112-IOS1
HistoryNov 13, 2015 - 11:30 a.m.

Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability

2015-11-1311:30:00
tools.cisco.com
14

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

29.6%

JSON

A vulnerability in Cisco devices that are running Cisco IOS Software Release 15.2(04)M or Cisco IOS Software Release 15.4(03)M and are configured to use access control lists (ACLs) could allow a user who is connected to an authenticated PPP session to bypass ACLs that are configured on virtual PPP interfaces, if the ACL on the physical interface permits the traffic to pass.

The vulnerability is due to the physical interface ignoring virtual PPP ACLs. An attacker could exploit this vulnerability to bypass virtual PPP ACLs and pass denied traffic across virtual PPP interfaces. A successful exploit could allow the attacker to pass traffic as if the ACLs do not exist.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1”]

Affected configurations

Vulners
Node
ciscoiosMatchany
OR
ciscoiosMatchany
VendorProductVersionCPE
ciscoiosanycpe:2.3:o:cisco:ios:any:*:*:*:*:*:*:*

Related

openvas 1
nvd 1
cvelist 1
nessus 1
cve 1
prion 1
openvas
openvas
Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability
2016-05-03 00:00:00
nvd
nvd
CVE-2015-6365
2015-11-14 03:59:03
cvelist
cvelist
CVE-2015-6365
2015-11-14 02:00:00
nessus
nessus
Cisco IOS Virtual PPP Interfaces Security Bypass
2015-11-19 00:00:00
cve
cve
CVE-2015-6365
2015-11-14 03:59:03
prion
prion
Design/Logic Flaw
2015-11-14 03:59:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

29.6%

JSON
Related for CISCO-SA-20151112-IOS1
openvas1nvd1cvelist1nessus1cve1prion1