Cisco Fragment Keyword Outgoing Access Control Vulnerability

IOS is the Cisco Internet Operating System, distributed with and used on various Cisco network hardware.

A possible vulnerability in IOS on the Cisco 12000 series routers could make it possible for a remote user to send unauthorized traffic to a protected network. IOS for the Cisco 12000 has only recently added the ability to filter fragmented packets in outgoing traffic. If an outgoing ACL containing a 'fragment' rule is configured on a version that lacks this feature, attackers may be able to evade the rule and send fragmented packets to the protected network.

This vulnerability may result in attackers or users bypassing security policy.
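As an added example (not part of the SecurityFocus entry or of any Cisco tooling), the following Python audit check parses an IOS running-config and flags interfaces whose outbound ACL depends on a 'fragments' rule, the configuration pattern this advisory says may be ineffective on affected 12000 IOS builds. The sample configuration, ACL names and interface names are constructed for illustration.

```python
import re

# Constructed sample IOS configuration, not taken from the advisory; names are hypothetical.
SAMPLE_CONFIG = """
ip access-list extended EDGE-OUT
 deny ip any any fragments
 permit ip any any
!
access-list 101 deny ip any any fragments
access-list 101 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group EDGE-OUT out
!
interface GigabitEthernet0/1
 ip access-group 101 in
"""

def acls_with_fragment_rules(config: str) -> set[str]:
    """Return the names/numbers of ACLs that contain a 'fragments' entry."""
    found, current = set(), None
    for line in config.splitlines():
        if m := re.match(r"^ip access-list (?:standard|extended) (\S+)", line):
            current = m.group(1)                  # entering a named ACL block
        elif line.startswith(" "):
            if current and re.search(r"\bfragments\b", line):
                found.add(current)                # indented entry inside the named ACL
        else:
            current = None                        # any other top-level line ends the block
            if m := re.match(r"^access-list (\S+) .*\bfragments\b", line):
                found.add(m.group(1))             # classic numbered ACL with a fragments entry
    return found

def outbound_fragment_acls(config: str) -> list[dict[str, str]]:
    """List interfaces whose *outbound* ACL relies on a 'fragments' rule (needs verification)."""
    frag_acls = acls_with_fragment_rules(config)
    hits, iface = [], None
    for line in config.splitlines():
        if m := re.match(r"^interface (\S+)", line):
            iface = m.group(1)
        elif (m := re.match(r"^\s+ip access-group (\S+) out\b", line)) and iface:
            if m.group(1) in frag_acls:          # inbound use is unaffected; only 'out' is flagged
                hits.append({"interface": iface, "acl": m.group(1)})
    return hits

if __name__ == "__main__":
    for hit in outbound_fragment_acls(SAMPLE_CONFIG):
        print(f"verify outbound fragment filtering: {hit['interface']} uses ACL {hit['acl']}")
```

Feed it the output of `show running-config` from a 12000 to get the list of interfaces where the fragment rule should be confirmed to be enforced on the running IOS version.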
