VID 29062
Severity 40
Port 161
Protocol UDP
Class CISCO
Detailed Description The Cisco IOS Firewall Feature Set has an ACL bypass vulnerability (Cisco Bug ID CSCdv48261).
Depending on the exact session parameters, it may be possible to send data to processes that were supposed to be accessible only from within the trusted network. In the worst case, it allows a remote attacker to bypass the dynamic access control lists and open an interactive session to a host on the protected network.
The IOS Firewall Feature Set, introduced in IOS version 11.2P and also known as Cisco Secure Integrated Software, provides Context Based Access Control (CBAC), an IP-based stateful inspection system. When a session is initiated from the protected network, CBAC creates a dynamic access list entry allowing return traffic for that session. When return traffic is inspected against a dynamic access list, the source and destination addresses and ports are checked, but the IP protocol type is not. This could permit a packet of a different protocol type, which the dynamic access control lists were expected to deny, into the protected network.
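The following is an added example, not code from Cisco or from the scanner vendor, that models the dynamic access list lookup described above. Addresses, ports and the class and function names are constructed for illustration. The vulnerable matcher keys return-traffic entries on addresses and ports only, so a packet of another IP protocol with the same addresses and ports matches an entry opened by a TCP session; the fixed matcher includes the protocol in the comparison.

```python
"""Constructed model of a CBAC-style dynamic access list lookup.

The vulnerable matcher keys return-traffic entries on addresses and ports
only; the fixed matcher also requires the IP protocol type to match.
"""
from dataclasses import dataclass
from typing import Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # IP protocol name, e.g. "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int


class DynamicAcl:
    """Stateful return-traffic table built by inspecting outbound sessions."""

    def __init__(self, check_protocol: bool) -> None:
        self.check_protocol = check_protocol
        self.entries: Set[Tuple] = set()

    def _key(self, proto: str, src: str, sport: int, dst: str, dport: int) -> Tuple:
        # Vulnerable behaviour: the protocol type is not part of the comparison,
        # so only the 4-tuple of addresses and ports is compared.
        if self.check_protocol:
            return (proto, src, sport, dst, dport)
        return (src, sport, dst, dport)

    def inspect_outbound(self, pkt: Packet) -> None:
        """An outbound session from the protected network opens a dynamic entry
        for the reverse direction (outside peer -> inside host)."""
        self.entries.add(self._key(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def permit_inbound(self, pkt: Packet) -> bool:
        """True if an inbound packet matches an existing dynamic entry."""
        return self._key(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.entries


def run_scenario(check_protocol: bool) -> dict:
    """Open one TCP session from the inside and classify three inbound packets."""
    acl = DynamicAcl(check_protocol)
    # Constructed addresses: inside host 10.0.0.5, outside server 198.51.100.7.
    acl.inspect_outbound(Packet("tcp", "10.0.0.5", 40000, "198.51.100.7", 80))
    legit = Packet("tcp", "198.51.100.7", 80, "10.0.0.5", 40000)
    other_proto = Packet("udp", "198.51.100.7", 80, "10.0.0.5", 40000)
    unrelated = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 40000)
    return {
        "legit_return": acl.permit_inbound(legit),
        "other_protocol": acl.permit_inbound(other_proto),
        "unrelated": acl.permit_inbound(unrelated),
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(check_protocol=False))
    print("fixed:     ", run_scenario(check_protocol=True))
```

With `check_protocol=False` the UDP packet is permitted because its 4-tuple equals the entry opened by the TCP session; with `check_protocol=True` only the genuine TCP return traffic passes. The same comparison is the one to verify when reviewing any stateful filter: the return-traffic key must include every field the forward session was matched on, including the protocol.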

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so it may be a false positive. It also requires a read-access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.

* References:
http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/firewall.htm
http://www.kb.cert.org/vuls/id/362483

* Platforms Affected:
CISCO IOS 11.2P
CISCO IOS 11.3T
CISCO IOS 12.0, 12.0T
CISCO IOS 12.1, 12.1T, 12.1E
CISCO IOS 12.2, 12.2T
Cisco routers in the following series: 800, 820, 950, 1400, 1600, 1700, 2500, 2600, 3600, 4000 Gateway, 4224, 7100, 7200, 7400, 7500, SOHO 70, ubr900, ICS7750.
Catalyst 5000 and 6000 if they are running Cisco IOS software.
Recommendation Upgrade to the fixed version of Cisco IOS, as listed in the "Software Versions and Fixes" section of the Cisco Security Advisory "A Vulnerability in IOS Firewall Feature Set", http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml

Upgrades should be obtained through the Software Center on Cisco's website at http://www.cisco.com .
Related URL CVE-2001-0929 (CVE)
Related URL 3588 (SecurityFocus)
Related URL 7614 (ISS)