CVE-2015-0694
Cisco IOS XR 5.3.0.BASE - Improper Access Control via ACL Single-Host Constraint Bypass
Title source: llmDescription
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=38292
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032059
Scores
EPSS
0.0164
EPSS Percentile
73.5%
Details
CWE
CWE-284
Status
published
Products (7)
cisco/asr_9001
cisco/asr_9006
cisco/asr_9010
cisco/asr_9904
cisco/asr_9912
cisco/asr_9922
cisco/ios_xr
5.3.0_base
Published
Apr 11, 2015
Tracked Since
Feb 18, 2026