icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Cisco IOS ACL Bypass (Bug ID CSCdi34061)

Medium

Synopsis

The remote host may allow unauthorized traffic to pass, despite configured access controls.

Description

The remote system appears to be vulnerable to a flaw in IOS when the keyword 'established' is being used in the ACLs. This bug can, under very specific circumstances and only with certain IP host implementations, allow unauthorized packets to circumvent a filtering router. This vulnerability is documented as Cisco Bug ID CSCdi34061.

Solution

http://www.cisco.com/warp/public/707/2.html