Cisco Gigabit Switch Router with Fast/Gigabit Ethernet Cards ACL Bypass/DoS Vulnerabilities

Cisco Gigabit Switch Routers (GSRs), when used with configured Fast Ethernet/Gigabit Ethernet cards may forward traffic bypassing ACLs. This could lead to exploitation of vulnerabilities that would normally have been protected by the access control lists. It may also be possible for an attacker to cause an interface on the target GSR to stop forwarding packets, resulting in a denial of service. The evasion of ACLs has to do with optimizations in handling of various packet types and occurs only on the affected interfaces. This vulnerability only exists when Fast Ethernet/Gigabit Ethernet network interface cards are used with Gigabit Switch Routers. All versions of IOS greater than 11.2 on GSRs are assumed to be vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus