← Back

CVE-2015-0694

nvd nist
Published: Apr 11, 2015Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.

Affected (7)

Cisco
7 products
Ios Xr
Asr 9001
Asr 9006
Asr 9010
Asr 9904
Asr 9912
Asr 9922
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Ios Xr
Version 5.3.0_base
Asr 9001
All versions
Asr 9006
All versions
Asr 9010
All versions
Asr 9904
All versions
Asr 9912
All versions
Asr 9922
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.