Preview Tool

Cisco Bug: CSCur01042 - ACL on tunnel bypassed in CEF path if ACL on phy intf allows it

Last Modified

Sep 14, 2019

Products (112)

  • Cisco IOS
  • Cisco 892W Integrated Services Router
  • Cisco ASR 901-6CZ-F-D Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 2951 Integrated Services Router
  • Cisco C892FSP Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.2(4)M6 15.4(3)S

Description (partial)

Cisco devices running IOS software versions 15.2(04)M6 and 15.4(03)S contain an access control list vulnerability that could allow an
unauthenticated, remote user connected to a tunnel interface to bypass configured ACLs on tunnel interfaces if the ACL on the physical interface
permits the traffic to pass. A user could exploit this vulnerability to bypass configured tunnel interface ACLs and pass denied traffic across
tunnel interfaces. If successful, the user could pass traffic as if the ACLs did not exist.

ACLs must be configured on tunnel interfaces, but not exist on physical interfaces.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.