Cisco IOS Software Input Access List Leakage with NAT

Cisco routers running 12.0 versions of IOS are reported to be affected by a vulnerability that allows packets to bypass input filter rules.

When certain versions of Cisco IOS are configured with both input access lists and NAT, an interaction between different software bugs allows packets to bypass the input filter rules.

This can give administrators of affected devices a false sense of security.

This may allow an attacker to circumvent access control restrictions, possibly aiding them in further compromise of protected computers.
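To find routers that match the condition described above, the following added example (not part of the original advisory, and not Cisco's code) parses a saved running-config and reports which interfaces carry an input access list and which carry NAT. The sample configuration is constructed, and the rule "12.0 plus any input ACL plus any NAT interface on the same device" is an assumption used to shortlist devices for a check against the vendor's list of affected releases.

```python
import re

# Constructed sample running-config (not from the advisory).
SAMPLE_CONFIG = """\
version 12.0
hostname edge-rtr
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
 ip nat outside
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 10.0.1.1 255.255.255.0
 ip access-group 102 out
!
access-list 101 deny ip any any
"""

def audit(config):
    """Return the IOS version and, per interface, its input ACL and NAT role."""
    version, current, ifaces = None, None, {}
    for line in config.splitlines():
        if m := re.match(r"version (\S+)", line):
            version = m.group(1)
        elif m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            ifaces[current] = {"acl_in": None, "nat": None}
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the interface block
        elif current and (m := re.match(r" ip access-group (\S+) in\b", line)):
            ifaces[current]["acl_in"] = m.group(1)
        elif current and (m := re.match(r" ip nat (inside|outside)\b", line)):
            ifaces[current]["nat"] = m.group(1)
    return version, ifaces

def needs_review(config):
    """Assumed rule: 12.0 train with any input ACL and any NAT interface."""
    version, ifaces = audit(config)
    has_acl = any(i["acl_in"] for i in ifaces.values())
    has_nat = any(i["nat"] for i in ifaces.values())
    return bool(version and version.startswith("12.0") and has_acl and has_nat)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print("review:", needs_review(SAMPLE_CONFIG))
```

Outbound-only access groups, such as the one on `Ethernet1` in the sample, are deliberately not counted, since the advisory concerns input filter rules.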


 

Copyright 2010, SecurityFocus