CISCO : Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.105636

Kategorie: CISCO

Titel: Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability

Zusammenfassung: A vulnerability in Cisco devices running IOS Software versions 15.2(04)M6 and 15.4(03)S configured with access control lists (ACLs) could allow an unauthenticated, remote user connected to a tunnel interface to bypass configured ACLs on tunnel interfaces if the ACL on the physical interface permits the traffic to pass.;;The vulnerability is due to the physical interface ignoring the tunnel interface ACLs. A user could exploit this vulnerability to bypass configured tunnel interface ACLs and pass denied traffic across tunnel interfaces. If successful, the user could pass traffic as if the ACLs did not exist.;;Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

Beschreibung: Summary:
A vulnerability in Cisco devices running IOS Software versions 15.2(04)M6 and 15.4(03)S configured with access control lists (ACLs) could allow an unauthenticated, remote user connected to a tunnel interface to bypass configured ACLs on tunnel interfaces if the ACL on the physical interface permits the traffic to pass.

The vulnerability is due to the physical interface ignoring the tunnel interface ACLs. A user could exploit this vulnerability to bypass configured tunnel interface ACLs and pass denied traffic across tunnel interfaces. If successful, the user could pass traffic as if the ACLs did not exist.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-6366
Cisco Security Advisory: 20151112 Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios2
http://www.securitytracker.com/id/1034141

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.105636
Kategorie:	CISCO
Titel:	Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability
Zusammenfassung:	A vulnerability in Cisco devices running IOS Software versions 15.2(04)M6 and 15.4(03)S configured with access control lists (ACLs) could allow an unauthenticated, remote user connected to a tunnel interface to bypass configured ACLs on tunnel interfaces if the ACL on the physical interface permits the traffic to pass.;;The vulnerability is due to the physical interface ignoring the tunnel interface ACLs. A user could exploit this vulnerability to bypass configured tunnel interface ACLs and pass denied traffic across tunnel interfaces. If successful, the user could pass traffic as if the ACLs did not exist.;;Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
Beschreibung:	Summary: A vulnerability in Cisco devices running IOS Software versions 15.2(04)M6 and 15.4(03)S configured with access control lists (ACLs) could allow an unauthenticated, remote user connected to a tunnel interface to bypass configured ACLs on tunnel interfaces if the ACL on the physical interface permits the traffic to pass. The vulnerability is due to the physical interface ignoring the tunnel interface ACLs. A user could exploit this vulnerability to bypass configured tunnel interface ACLs and pass denied traffic across tunnel interfaces. If successful, the user could pass traffic as if the ACLs did not exist. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6366 Cisco Security Advisory: 20151112 Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios2 http://www.securitytracker.com/id/1034141
Copyright	Copyright (C) 2016 Greenbone AG