CVE-2015-6366
Cisco IOS 15.2(04)M6 and 15.4(03)S - Improper Access Control via Tunnel Interface Bypass
Title source: llmDescription
Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034141
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios2
Scores
EPSS
0.0164
EPSS Percentile
73.5%
Details
CWE
CWE-284
Status
published
Products (2)
cisco/ios
15.2\(4\)m6
cisco/ios
15.4\(3\)s
Published
Nov 13, 2015
Tracked Since
Feb 18, 2026