Korean

<< Back VID 29063 Severity 40 Port 161 Protocol UDP Class CISCO Detailed Description The Cisco IOS has a filtering bypass vulnerability due to a "established" access list keyword (CISCO Bug ID CSCdi34061). This vulnerability can be exploited to circumvent a filtering router, resulting in unauthorized access to the system. If you are running the affected IOS version on a product that uses IP extended access lists, and you are using the 'established' keyword in these lists, it allows an user to bypass IP packet filtering. This may permit unintended IP traffic to pass through your firewall setup. * Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor. * References: http://www.cisco.com/warp/public/707/2.html * Platforms Affected: CISCO IOS software 10.3(1) through 10.3(2) CISCO IOS software 10.2(1) through 10.2(5) CISCO IOS software 10.0(1) through 10.0(9) Recommendation Upgrade to the latest version of Cisco IOS, (10.0(10) or later) or (10.2(6) or later) or (10.3(3) or later). Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/public/sw-center/ . As a workaround, rewrite the access list parameters so the 'established' keyword is not necessary. This does not simply mean that you may remove the 'established' keyword, but rather that you will need to re-design your access lists to provide similar functionality without using the established mechanism. -- OR -- Disable the interfaces to which the access list is applied using the 'shutdown' interface subcommand. Example: router(config)#interface ethernet 0 router(config-if)#shutdown For details, see the http://www.cisco.com/warp/public/707/2.html Related URL CVE-1999-0775 (CVE) Related URL (SecurityFocus) Related URL (ISS)