CVE-2019-1686Improper Access Control in Cisco IOS XR Software

CWE-284Improper Access Control4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.2%
top 59.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedApr 17
Latest updateMay 13

Description

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability b

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecified6.5.2+1
NVDcisco/ios_xr5.1.16.5.2+1

🔴Vulnerability Details

2
GHSA
GHSA-9wr9-3p7g-gc32: A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow2022-05-13
CVEList
Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability2019-04-17

📋Vendor Advisories

1
Cisco
Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability2019-04-17
CVE-2019-1686 — Improper Access Control in Cisco | cvebase