Описание
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:cisco:ios_xr:5.3.0_base:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00365
Низкий
5 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
github
больше 3 лет назад
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
EPSS
Процентиль: 58%
0.00365
Низкий
5 Medium
CVSS2
Дефекты
CWE-284