CVE-2014-2146

MEDIUM

Cisco IOS < 15.4(1)t1 and IOS XE < 15.4(3)s - Zone-Based Firewall Bypass via Spoofed Session Traffic

Title source: manual
STIX 2.1

Description

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93126
Vendor Advisory vendor-advisory x_refsource_cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=39129

Scores

CVSS v3 6.5
EPSS 0.0126
EPSS Percentile 66.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-20
Status published
Products (2)
cisco/ios < 15.4\(1\)t1
cisco/ios_xe < 15.4\(3\)s
Published Sep 22, 2016
Tracked Since Feb 18, 2026