Cisco IOS Firewall CBAC ACL Bypass

2001-11-28T00:00:00
ID OSVDB:808
Type osvdb
Reporter OSVDB
Modified 2001-11-28T00:00:00

Description

Vulnerability Description

IOS contains a flaw that may allow a malicious user to direct network traffic to a protected host. The issue is triggered when IOS fails to check the protocol type of return traffic which otherwise matches a dynamic access list entry. It is possible that the flaw may allow unauthorized traffic to pass into a protected network.
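
The matching flaw described above, as an added example that is not Cisco's code or part of the original advisory. It is a simplified Python model (the 5-tuple entry format is an assumption; all names and addresses are constructed) that compares a protocol-blind dynamic-entry match with one that checks the protocol, and lists the inbound packets in a log that only the protocol-blind match would admit.

```python
# Simplified model of a stateful firewall's dynamic (return-traffic) entries.
# Added illustration; not Cisco IOS code. All names and addresses are constructed.
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str      # "tcp", "udp", ...
    src: str
    sport: int
    dst: str
    dport: int

def dynamic_entry_for(outbound: Flow) -> Flow:
    """Return-path entry created when an inside host opens a session."""
    return Flow(outbound.proto, outbound.dst, outbound.dport,
                outbound.src, outbound.sport)

def matches_without_proto(entry: Flow, pkt: Flow) -> bool:
    """Flawed check as described: addresses and ports only, protocol ignored."""
    return entry[1:] == pkt[1:]

def matches_with_proto(entry: Flow, pkt: Flow) -> bool:
    """Corrected check: the protocol is part of the match."""
    return entry == pkt

def protocol_mismatches(entries, inbound_log):
    """Inbound packets that only the protocol-blind check would admit."""
    hits = []
    for pkt in inbound_log:
        loose = any(matches_without_proto(e, pkt) for e in entries)
        strict = any(matches_with_proto(e, pkt) for e in entries)
        if loose and not strict:
            hits.append(pkt)
    return hits

# Constructed sample data (documentation address ranges).
ENTRIES = [dynamic_entry_for(Flow("tcp", "192.0.2.10", 40000, "198.51.100.5", 80))]
INBOUND = [
    Flow("tcp", "198.51.100.5", 80, "192.0.2.10", 40000),  # legitimate reply
    Flow("udp", "198.51.100.5", 80, "192.0.2.10", 40000),  # same tuple, other protocol
    Flow("udp", "203.0.113.9", 53, "192.0.2.10", 40000),   # unrelated, dropped either way
]

if __name__ == "__main__":
    for pkt in protocol_mismatches(ENTRIES, INBOUND):
        print("admitted only by protocol-blind match:", pkt)
```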

Solution Description

Upgrade to the version indicated by the Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=100697841826585&w=2
ISS X-Force ID: 7614
CVE-2001-0929
CERT VU: 362483
Bugtraq ID: 3588