Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability
|
Información sobre el sistema
|
|
|
Software afectado |
Cisco |
Descripción
|
A vulnerability in Cisco devices running IOS Software versions 15.2(04)M6 and 15.4(03)S configured with access control lists (ACLs) could allow an unauthenticated, remote user connected to a tunnel interface to bypass configured ACLs on tunnel interfaces if the ACL on the physical interface permits the traffic to pass. The vulnerability is due to the physical interface ignoring the tunnel interface ACLs. A user could exploit this vulnerability to bypass configured tunnel interface ACLs and pass
More info:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Tunnel%20Interfaces%20Security%20Bypass%20Vulnerabil |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2015-6366. |