Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1686

Опубликовано: 17 апр. 2019
Источник: nvd
CVSS3: 5.8
CVSS3: 8.6
CVSS2: 5
EPSS Низкий

Описание

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 5.1.1 (включая) до 6.5.2 (исключая)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 6.5.3 (включая) до 6.6.1 (исключая)

Одно из

cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*

EPSS

Процентиль: 41%
0.0019
Низкий

5.8 Medium

CVSS3

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284
NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-9wr9-3p7g-gc32

CVSS3: 8.6
github
больше 3 лет назад

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later.

fstec логотип

BDU:2019-01886

CVSS3: 8.6
fstec
почти 7 лет назад

Уязвимость механизма списка контроля доступа ACL операционной системы Cisco IOS XR, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 41%
0.0019
Низкий

5.8 Medium

CVSS3

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284
NVD-CWE-Other