Cisco Adaptive Security Appliance BGP Bidirectional Forwarding Detection ACL Bypass Vulnerability

2017-03-15T16:00:00
ID CISCO-SA-20170315-ASA
Type cisco
Reporter Cisco
Modified 2017-03-15T14:21:03

Description

A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic.

The vulnerability occurs because the BFD implementation incorrectly allows traffic with destination ports 3784 and 3785 through the interface ACLs. An attacker could exploit this vulnerability by sending TCP or UDP packets with a destination port of 3784 or 3785 through the ASA.

Workarounds that address this vulnerability are available.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asa ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asa"]