Cisco Bug: CSCur28806 - ACL slow-path matching failed for host member in IPv4 obj-group
Last Modified
Sep 17, 2019
Products (8)
- Cisco ASR 9000 Series Aggregation Services Routers
- Cisco IOS XR Software
- Cisco ASR 9922 Router
- Cisco ASR 9010 Router
- Cisco ASR 9904 Router
- Cisco ASR 9006 Router
- Cisco ASR 9001 Router
- Cisco ASR 9912 Router
Known Affected Releases
- 5.1.3.LC
- 5.3.0.BASE
Description (partial)
Symptoms: An issue in the Object-ACL matching process of the Cisco Aggregation Services Router 9000 (ASR9K) could allow an unauthenticated, remote attacker to bypass the protection offered by a configured ACL on an affected device. The issue is due to the ASR9K incorrectly handling host access control entries: it matches "any" address instead of the specified "host" address. An attacker could exploit this vulnerability to bypass the access control list, leading to traffic loss or unwanted permits.
Conditions: ASR9K running affected software.