Cisco Access Control List Fragment Non-blocking Vulnerability
Cisco IOS is the router firmware included with numerous devices manufactured by Cisco Systems. IOS on Cisco 12000 series routers with Engine 2 based cards does not properly filter fragmented packets with access control entries. Non-initial fragments sent to a protected host will bypass the ACL. This could allow a user to communicate with 'protected' hosts, bypassing security policy.
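The following is an added example, not part of the advisory and not Cisco code: a small Python check that a monitoring point behind the router could use to flag non-initial fragments addressed to protected hosts. A non-initial fragment has a non-zero fragment offset and does not carry the transport-layer ports, so it is identified from the IPv4 header alone. The protected prefix, the helper names and the sample packets are all constructed for illustration.

```python
import ipaddress
import struct

# Hypothetical protected prefix (constructed; a documentation range).
PROTECTED = ipaddress.ip_network("192.0.2.0/24")

def classify(packet: bytes) -> str:
    """Classify a raw IPv4 packet by its fragmentation fields."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    flags_frag = struct.unpack_from("!H", packet, 6)[0]
    more_fragments = bool(flags_frag & 0x2000)   # MF bit
    offset = flags_frag & 0x1FFF                 # fragment offset, 8-byte units
    if offset > 0:
        return "non-initial-fragment"            # no TCP/UDP ports present
    if more_fragments:
        return "initial-fragment"
    return "unfragmented"

def flag_non_initial(packets):
    """Return (src, dst, byte_offset) for non-initial fragments sent to PROTECTED."""
    hits = []
    for pkt in packets:
        if classify(pkt) != "non-initial-fragment":
            continue
        src = ipaddress.ip_address(pkt[12:16])
        dst = ipaddress.ip_address(pkt[16:20])
        if dst in PROTECTED:
            offset = (struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF) * 8
            hits.append((str(src), str(dst), offset))
    return hits

def build_packet(src, dst, mf, offset_units, payload=b"\x00" * 8):
    """Construct a minimal IPv4 packet (checksum left at 0) for the sample data."""
    flags_frag = (0x2000 if mf else 0) | offset_units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                      flags_frag, 64, 6, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload

# Constructed sample packets (documentation address ranges only).
SAMPLES = [
    build_packet("198.51.100.7", "192.0.2.10", mf=False, offset_units=0),
    build_packet("198.51.100.7", "192.0.2.10", mf=True, offset_units=0),
    build_packet("198.51.100.7", "192.0.2.10", mf=False, offset_units=3),
    build_packet("198.51.100.7", "203.0.113.5", mf=False, offset_units=3),
]
```

Running `flag_non_initial(SAMPLES)` reports only the third packet: the fragment with a non-zero offset whose destination falls inside the protected prefix.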