Title: Cisco Gigabit Switch Router with Fast/Gigabit Ethernet Cards ACL Bypass/DoS Vulnerabilities
Severity: MODERATE
Description:
Cisco Gigabit Switch Routers (GSRs), when used with configured Fast Ethernet/Gigabit Ethernet cards, may forward traffic that bypasses ACLs. This could lead to exploitation of vulnerabilities that the access control lists would normally have protected against. It may also be possible for an attacker to cause an interface on the target GSR to stop forwarding packets, resulting in a denial of service. The ACL evasion is related to optimizations in the handling of various packet types and occurs only on the affected interfaces. This vulnerability exists only when Fast Ethernet/Gigabit Ethernet network interface cards are used with Gigabit Switch Routers. All versions of IOS greater than 11.2 on GSRs are assumed to be vulnerable.
Affected Products:
- Cisco Gigabit Switch Router 0.0.012008
- Cisco Gigabit Switch Router 0.0.012012
- Cisco Gigabit Switch Router 0.0.012016
- Cisco IOS 11.2
- Cisco IOS 11.2.10
- Cisco IOS 11.2.8
- Cisco IOS 11.2P
- Cisco IOS 11.3
- Cisco IOS 11.3.1
- Cisco IOS 12.0
- Cisco IOS 12.0.1
- Cisco IOS 12.0.2
- Cisco IOS 12.0.3
- Cisco IOS 12.0.4
- Cisco IOS 12.0.5
- Cisco IOS 12.0.6
- Cisco IOS 12.0.7
- Cisco IOS 12.1
References:
- Cisco Systems: Cisco 12000 Series Product Information
- Cisco Systems: Cisco Product Security Incident Response