CVE-2015-6366

Cisco IOS 15.2(04)M6 and 15.4(03)S - Improper Access Control via Tunnel Interface Bypass

Title source: llm
STIX 2.1

Description

Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034141

Scores

EPSS 0.0164
EPSS Percentile 73.5%

Details

CWE
CWE-284
Status published
Products (2)
cisco/ios 15.2\(4\)m6
cisco/ios 15.4\(3\)s
Published Nov 13, 2015
Tracked Since Feb 18, 2026