A Vulnerability in IOS Firewall Feature Set - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

The IOS Firewall Feature set, also known as Cisco Secure Integrated
Software, also known as Context Based Access Control (CBAC), and
introduced in IOS version 11.2P, has a vulnerability that permits
traffic normally expected to be denied by the dynamic access control
lists.
This vulnerability is documented as Cisco Bug ID CSCdv48261.
No other Cisco product is vulnerable.
There is no workaround.

See also :

http://www.nessus.org/u?d7b48f6d
http://www.nessus.org/u?0c0a0348

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20011128-ios-cbac-dynacl.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 48962 (cisco-sa-20011128-ios-cbac-dynaclhttp.nasl)

Bugtraq ID: 3588

CVE ID: CVE-2001-0929