CVE-2015-0694: Improper Access Control in Cisco IOS XR

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 41.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 11
Latest update: May 17

Description

Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: cisco/ios_xr 5.3.0_base

🔴 Vulnerability Details (2)

GHSA: GHSA-qpjg-v5w5-9439: Cisco ASR 9000 devices with software 5 (2022-05-17)
CVEList: CVE-2015-0694: Cisco ASR 9000 devices with software 5 (2015-04-11)

📋 Vendor Advisories (1)

Cisco: Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability (2015-04-09)

💬 Community (1)

Bugzilla: CVE-2014-8172 kernel: soft lockup on aio (2015-03-04)