CVE-2014-2146
MEDIUMCisco IOS < 15.4(1)t1 and IOS XE < 15.4(3)s - Zone-Based Firewall Bypass via Spoofed Session Traffic
Title source: manualDescription
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93126
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=39129
Scores
CVSS v3
6.5
EPSS
0.0126
EPSS Percentile
66.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (2)
cisco/ios
< 15.4\(1\)t1
cisco/ios_xe
< 15.4\(3\)s
Published
Sep 22, 2016
Tracked Since
Feb 18, 2026