Guest

Preview Tool

Cisco Bug: CSCur61303 - ACL on virtual-ppp bypassed in process path if ACL on phy allows traffic

Last Modified

Sep 14, 2019

Products (91)

  • Cisco IOS
  • Cisco C892FSP Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco C897VA Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 892W Integrated Services Router
  • Cisco 2951 Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 888W Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.2(4)M 15.4(3)M

Description (partial)

Symptom:
Cisco devices running IOS software versions 15.2(04)M and 15.4(03)M contain an access control list vulnerability that could allow a user using an
authenticated PPP session to bypass configured ACLs on virtual PPP interfaces if the ACL on the physical interface permits the traffic to pass. A
user could exploit this vulnerability to bypass configured virtual PPP ACLs and pass denied traffic across virtual PPP interfaces. If successful,
the user could pass traffic as if the ACLs did not exist.

Conditions:
ACLs are configured as deny on virtual PPP interface, but they are configured as permit on physical interface.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.