• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Cisco Context Based Access Control Protocol Check Bypassing Vulnerability

Severity: MODERATE

Description:

IOS is a Cisco Internetwork Operating System. It is maintained and distributed by Cisco, and used on various types of Cisco hardware.

A problem with IOS makes it possible for a remote user to access protected systems through a vulnerable firewall. The problem is in the checking of protocol types.

Context Based Access Control is the stateful firewall implementation used with Cisco IOS software. When a system inside the protected network initiates a connection with a system outside of the network, a state entry of the connection is made in a table on the firewall system. This state entry records the connecting and receiving host, as well as the port numbers.

The problem is in the checking of protocol. The vulnerable version of IOS does not check the protocol type of the packets, thus making it possible for a system on either end of the connection to send data of a different type. One such instance would be a system on the protected network sending a UDP packet to a system outside of the protected network, and the external system returning a connection to the host via TCP using the pre-established IP address and port numbers.

This could allow a remote user to gather intelligence about a host, and potentially lead to an organized attack against network resources.

Affected Products:

• Cisco IOS 11.2P
• Cisco IOS 11.3T
• Cisco IOS 12.0T
• Cisco IOS 12.0XA
• Cisco IOS 12.0XB
• Cisco IOS 12.0XC
• Cisco IOS 12.0XD
• Cisco IOS 12.0XE
• Cisco IOS 12.0XG
• Cisco IOS 12.0XI
• Cisco IOS 12.0XK
• Cisco IOS 12.0XM
• Cisco IOS 12.0XQ
• Cisco IOS 12.0XR
• Cisco IOS 12.0XV
• Cisco IOS 12.1
• Cisco IOS 12.1E
• Cisco IOS 12.1T
• Cisco IOS 12.1XB
• Cisco IOS 12.1XC
• Cisco IOS 12.1XF
• Cisco IOS 12.1XG
• Cisco IOS 12.1XH
• Cisco IOS 12.1XI
• Cisco IOS 12.1XJ
• Cisco IOS 12.1XK
• Cisco IOS 12.1XL
• Cisco IOS 12.1XM
• Cisco IOS 12.1XP
• Cisco IOS 12.1XT
• Cisco IOS 12.1YB
• Cisco IOS 12.1YC
• Cisco IOS 12.1YE
• Cisco IOS 12.1YF
• Cisco IOS 12.2
• Cisco IOS 12.2DD
• Cisco IOS 12.2T
• Cisco IOS 12.2XD
• Cisco IOS 12.2XE
• Cisco IOS 12.2XH
• Cisco IOS 12.2XI
• Cisco IOS 12.2XJ
• Cisco IOS 12.2XK
• Cisco IOS 12.2XQ

References:

• Cisco: A Vulnerability in IOS Firewall Feature Set

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.