发布时间 :2000-10-20 00:00:00
修订时间 :2008-09-05 16:21:40

[原文]Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.

[CNNVD]Cisco Gigabit Switch Routers (GSR)转发数据包漏洞(CNNVD-200010-085)

        带有Fast Ethernet / Gigabit Ethernet卡的从IOS版本11.2(15)GS1A 到11.2(19)GS0.2版本和其他一些12.0版本的Cisco Gigabit Switch Routers (GSR)不能正确线卡故障。远程攻击者可以利用该漏洞绕过ACLs或迫使接口特征转发数据包。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:cisco:ios:12.0%287%29tCisco IOS 12.0(7)T
cpe:/o:cisco:ios:11.3Cisco IOS 11.3
cpe:/o:cisco:ios:11.2Cisco IOS 11.2
cpe:/o:cisco:ios:12.0Cisco IOS 12.0
cpe:/o:cisco:ios:12.0%285%29Cisco IOS 12.0.5
cpe:/o:cisco:ios:12.0%282%29Cisco IOS 12.0.2
cpe:/h:cisco:gigabit_switch_router_12012Cisco Gigabit Switch Router 12012
cpe:/o:cisco:ios:11.2%2810%29Cisco IOS 11.2.10
cpe:/o:cisco:ios:12.0%281%29Cisco IOS 12.0.1
cpe:/h:cisco:gigabit_switch_router_12016Cisco Gigabit Switch Router 12016
cpe:/o:cisco:ios:12.1Cisco IOS 12.1
cpe:/o:cisco:ios:11.2pCisco IOS 11.2P
cpe:/o:cisco:ios:12.0%284%29Cisco IOS 12.0.4
cpe:/h:cisco:gigabit_switch_router_12008Cisco Gigabit Switch Router 12008
cpe:/o:cisco:ios:11.3%281%29Cisco IOS 11.3.1
cpe:/o:cisco:ios:12.0%286%29Cisco IOS 12.0.6
cpe:/o:cisco:ios:12.0%283%29Cisco IOS 12.0.3
cpe:/o:cisco:ios:11.2%288%29Cisco IOS 11.2.8

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4937Cisco Gigabit Switch Routers (GSR) Authentication Circumvention Vulnerability

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  CISCO  20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards

- 漏洞信息

Cisco Gigabit Switch Routers (GSR)转发数据包漏洞
中危 未知
2000-10-20 00:00:00 2005-08-17 00:00:00
        带有Fast Ethernet / Gigabit Ethernet卡的从IOS版本11.2(15)GS1A 到11.2(19)GS0.2版本和其他一些12.0版本的Cisco Gigabit Switch Routers (GSR)不能正确线卡故障。远程攻击者可以利用该漏洞绕过ACLs或迫使接口特征转发数据包。

- 公告与补丁


- 漏洞信息

Cisco Gigabit Switch Routers (GSR) Line Card Failure ACL Bypass

- 漏洞描述

Cisco IOS on Cisco GSR devices contains a flaw that may allow a malicious user to bypass ACLs. The issue is triggered when unspecified types of packets are handled by the device. It is possible that the flaw may allow circumvention of access control lists resulting in a loss of confidentiality, integrity, and/or availability.

- 时间线

2000-08-03 Unknow
Unknow Unknow

- 解决方案

Upgrade to version indicated in product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete