Cisco Bug: CSCsy98662 - Access-list allows port ranges with start-port greater than end-port
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: The ASA/PIX command line allows you to configure access-list entries with port ranges in which the start port is greater than the end port. For example:

    access-list test permit tcp any any range 2000 1000

This may cause issues with configuration utilities, namely ASDM, that perform sanity checks to ensure the start port is less than the end port.

Conditions: This behavior is present on version 8.0.4 and presumably earlier versions as well.
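One way to find such entries in a saved configuration before a tool such as ASDM trips over them. This is an added example, not Cisco code. It goes beyond the numeric case in the bug text by also resolving a small subset of named port literals, and the sample configuration, the function names and the handling of unknown names are assumptions made for the illustration.

```python
# Added example: audit ASA ACL lines for "range <start> <end>" with start > end.
# Subset of ASA port literals; names missing here are reported, not guessed.
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25,
              "domain": 53, "www": 80, "pop3": 110, "https": 443}

# Constructed sample configuration (only the first line comes from the bug text).
SAMPLE = """\
access-list test permit tcp any any range 2000 1000
access-list test permit tcp any any range 1000 2000
access-list outside_in extended permit tcp any range https www host 192.0.2.10 range 1024 65535
access-list outside_in remark legacy range 9000 8000 kept for reference
access-list dmz extended permit tcp any any range ldap ldaps
"""


def to_port(token):
    """Return the numeric port for a token, or None if it cannot be resolved."""
    if token.isdigit():
        port = int(token)
        return port if port <= 65535 else None
    return PORT_NAMES.get(token.lower())


def find_inverted_ranges(config_text):
    """Return (line_no, acl_name, start, end, verdict) for each suspect range."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        tokens = line.split()
        # Need at least: access-list <name> <action> ...; remarks are free text.
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] == "remark":
            continue
        i = 2  # start after the ACL name so a name of "range" is not parsed
        while i + 2 < len(tokens):
            if tokens[i] != "range":
                i += 1
                continue
            start, end = to_port(tokens[i + 1]), to_port(tokens[i + 2])
            if start is None or end is None:
                findings.append((line_no, tokens[1], tokens[i + 1], tokens[i + 2], "unresolved"))
            elif start > end:
                findings.append((line_no, tokens[1], tokens[i + 1], tokens[i + 2], "inverted"))
            i += 3
    return findings


if __name__ == "__main__":
    for finding in find_inverted_ranges(SAMPLE):
        print("line %d acl %s: range %s %s -> %s" % finding)
```

Entries reported as "unresolved" use a port name outside the small table and need the table extended or a manual check.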