Cisco IOS Software Access Control List Bypass Vulnerability

A vulnerability in Cisco IOS Software access control lists (ACLs) that use object groups could occasionally allow an unauthenticated, remote attacker to bypass the ACL.

The vulnerability is due to a race condition between process switching and Cisco Express Forwarding switching while evaluating ACLs with object groups. An attacker could exploit this vulnerability by sending enough traffic through an affected router to trigger the race condition.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send enough traffic to trigger a race condition on the targeted device. This access requirement may reduce the likelihood of a successful exploit.

Cisco indicates through the CVSS score that proof-of-concept exploit code exists; however, the code is not known to be publicly available.