Lucene search

CiscoCVE-2015-6365

HistoryNov 14, 2015 - 3:59 a.m.

CVE-2015-6365

2015-11-1403:59:03

CWE-20

cisco

web.nvd.nist.gov

cisco

ios

acl

bypass

vulnerability

cisco ios 15.2

cisco ios 15.4

bug id cscur61303

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

29.6%

JSON

Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303.

Affected configurations

Nvd

Node

ciscoiosMatch15.2\(4\)m

ciscoiosMatch15.4\(3\)m

VendorProductVersionCPE
ciscoios15.2(4)mcpe:2.3:o:cisco:ios:15.2\(4\)m:*:*:*:*:*:*:*
ciscoios15.4(3)mcpe:2.3:o:cisco:ios:15.4\(3\)m:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.2(4)m	cpe:2.3:o:cisco:ios:15.2\(4\)m:::::::*
cisco	ios	15.4(3)m	cpe:2.3:o:cisco:ios:15.4\(3\)m:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1

www.securitytracker.com/id/1034158

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

29.6%

JSON

Related for CVE-2015-6365