Vigil@nce - Cisco ASA, FWSM: bypassing ACL via time-range
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass an ACL of Cisco ASA and FWSM, which uses the time-range object.
Impacted products: ASA, Cisco Catalyst, IOS, Cisco Router xx00 Series
Creation date: 23/04/2013
DESCRIPTION OF THE VULNERABILITY
The time-range object is used to define a time range to be applied on an ACL.
However, the periodic time-range object is not correctly implemented, and it is ignored.
An attacker can therefore bypass an ACL of Cisco ASA and FWSM, which uses the time-range object.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN