Cisco Bug: CSCvt55079 - Cisco IOS XR Software Standby RP Management Interface ACL Bypass Vulnerability

Last Modified

Sep 02, 2020

Products (1)

  • Cisco 8000 Series Routers

Known Affected Releases

7.0.12.BASE 7.0.14.BASE

Description (partial)

Symptom:

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the IP addresses configured on the Gigabit Ethernet management interface of the standby route processor.

The vulnerability is due to a logic error introduced in Cisco IOS XR Software that prevents the ACL from working when it is applied to the standby route processor management interface. An attacker could exploit this issue by attempting to access the device via the standby route processor management interface.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xracl-zbWSWREt

Conditions:

At the time of publication, this vulnerability affected the following Cisco IOS XR versions:

Train | Affected Releases
6.7   | 6.7.1
7.0   | 7.0.2, 7.0.11, 7.0.12
7.1   | 7.1.1, 7.1.15

This vulnerability will be addressed in:

Train | Targeted First Fixed Release
6.7   | 6.7.2 (End July)
7.0   | 7.0.14 (End September)
7.1   | 7.1.2 (End July)

In addition, SMU ID AA17404 will be published for Cisco 8000 Series.