Cisco Context Based Access Control Protocol Check Bypassing Vulnerability

IOS is a Cisco Internetwork Operating System. It is maintained and distributed by Cisco, and used on various types of Cisco hardware.

A problem has been found in the checking of protocol by the system. The vulnerable version of IOS does not check the protocol type of the packets, thus making it possible for a system on either end of the connection to send data of a different type. One such instance would be a system on the protected network sending a UDP packet to a system outside of the protected network, and the external system returning a connection to the host via TCP using the pre-established IP address and port numbers.

This could allow a remote user to gather intelligence about a host, and potentially lead to an organized attack against network resources.


Privacy Statement
Copyright 2010, SecurityFocus