Vigil@nce - Cisco IOS XR: bypassing ACL via compression
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass ACLs of Cisco IOS XR which use ranges, in
order to access to a service which should be filtered.
– Impacted products: Cisco ASR, IOS XR
– Severity: 2/4
– Creation date: 06/10/2014
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS XR product encodes port and addresses ranges
indicated in ACLs, by compressing them.
However, this compression is incorrect. The range which is
actually allowed is thus larger.
An attacker can therefore bypass ACLs of Cisco IOS XR which use
ranges, in order to access to a service which should be filtered.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-XR-bypassing-ACL-via-compression-15444