-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0942
  Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability
                               13 April 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Aggregate Services Router 9000
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-0694

Original Bulletin:
   http://tools.cisco.com/security/center/viewAlert.x?alertId=38292

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Alert

Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability

Threat Type:       CWE-264: Permissions, Privileges, and Access Control
IntelliShield ID:  38292
Version:           1
First Published:   2015 April 09 20:41 GMT
Last Published:    2015 April 09 20:41 GMT
Port:              Not available
CVE:               CVE-2015-0694
Urgency:           Unlikely Use
Credibility:       Confirmed
Severity:          Mild Damage
CVSS Base:         5.0 (CVSS Version 2.0)
CVSS Temporal:     4.1

Version Summary:   Cisco Aggregation Services Router 9000 software contains a
                   vulnerability that could allow an attacker to bypass
                   security protections.

Description

A vulnerability in the Object-ACL matching process of Cisco Aggregation
Services Router 9000 (ASR9K) could allow an unauthenticated, remote attacker
to bypass the protection offered by a configured access control list (ACL)
on an affected device.

The vulnerability is due to ASR9K incorrectly handling host access control
entries: it matches any address instead of the specified host address. An
attacker could exploit this vulnerability to bypass the access control list,
leading to traffic loss or unwanted permits.

Cisco has confirmed the vulnerability and released software updates.
Warning Indicators

At the time this alert was first published, Cisco Aggregation Services
Router 9000 software version 5.3.0.BASE was vulnerable. Other versions of
Cisco Aggregation Services Router 9000 software may also be affected.

IntelliShield Analysis

The impact of an exploit depends on the ACLs in use on the affected system.
Attackers who could bypass the configured ACLs could gain access to
restricted network resources, possibly resulting in attackers gaining access
to critical systems. Affected systems are not impacted if no ACLs are
configured, or if the ACLs do not use host values.

Specialized exploit code is not required to exploit the vulnerability.

Vendor Announcements

Cisco has released bug ID CSCur28806 for registered users, which contains
additional details and an up-to-date list of affected product versions.

Impact

An unauthenticated, remote attacker could exploit this vulnerability to
bypass ACL protections and gain access to restricted network resources,
possibly leading to information disclosure or unauthorized access.

Technical Information

The vulnerability is due to improper matching of addresses within access
control list (ACL) entries. The affected software matches any address when
the host address is used in ACLs.

An unauthenticated, remote attacker could exploit the vulnerability by
sending network requests to the targeted device. The improper processing of
the source addresses could allow the attacker to bypass access control lists
and possibly gain unauthorized access to network resources that should be
restricted.

Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised to replace the host value in configured ACLs with
the ip/32 value.

Administrators are advised to monitor affected systems.

Patches/Software

Cisco customers with active contracts can obtain updates through the
Software Center at the following link: Cisco.
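The Safeguards above give the interim workaround: replace every ACE that uses the host keyword with the equivalent ip/32 prefix, since the analysis says ACLs without host values are not affected. The script below is an added example, not part of the AusCERT or Cisco bulletin. It walks a saved IOS XR running-config, reports each ipv4 ACE that still uses host, and produces a copy with every host A.B.C.D rewritten as A.B.C.D/32. The ACL layout, ACL names and RFC 5737 addresses in SAMPLE_CONFIG are constructed for the demonstration; the software update remains the real fix.

```python
import re
import ipaddress

# Constructed sample in IOS XR ipv4 access-list syntax (assumed layout of a
# saved running-config); ACL names and RFC 5737 addresses are made up.
SAMPLE_CONFIG = """\
ipv4 access-list MGMT-IN
 10 permit tcp host 192.0.2.10 any eq 22
 20 permit tcp 198.51.100.0/24 any eq 22
 30 permit udp host 192.0.2.53 host 203.0.113.1 eq 123
 40 deny ipv4 any any
!
ipv4 access-list NO-HOSTS
 10 permit ipv4 10.0.0.0/8 any
!
"""

ACL_HEADER_RE = re.compile(r"^ipv4 access-list (\S+)\s*$")
# The `host` keyword followed by a dotted-quad; the required whitespace
# after "host" keeps words such as "hostname" from matching.
HOST_RE = re.compile(r"\bhost\s+(\d{1,3}(?:\.\d{1,3}){3})\b")


def _walk(config):
    """Yield (acl_name_or_None, raw_line) so callers know which ACL each line is in."""
    acl = None
    for raw in config.splitlines():
        m = ACL_HEADER_RE.match(raw)
        if m:
            acl = m.group(1)
        elif not raw.startswith(" "):
            acl = None  # any other top-level line ("!", another section) ends the ACL
        yield acl, raw


def find_host_aces(config):
    """Return [(acl_name, ace_text)] for every ACE that uses a `host` value."""
    return [(acl, raw.strip())
            for acl, raw in _walk(config)
            if acl and HOST_RE.search(raw)]


def rewrite_host_aces(config):
    """Return the config with each `host A.B.C.D` inside an ACL rewritten to A.B.C.D/32."""
    def to_prefix(m):
        addr = ipaddress.IPv4Address(m.group(1))  # rejects malformed literals
        return f"{addr}/32"

    out = []
    for acl, raw in _walk(config):
        # Only touch lines inside an access-list block; leave everything else alone.
        out.append(HOST_RE.sub(to_prefix, raw) if acl else raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for acl, ace in find_host_aces(SAMPLE_CONFIG):
        print(f"{acl}: {ace}")
    print(rewrite_host_aces(SAMPLE_CONFIG))
```

Run it against a config exported from the router rather than editing live; the rewrite keeps sequence numbers and every other token in place, so the result can be diffed against the original before it is applied, and the resulting ACL can be checked on the router with show access-lists ipv4 NAME. The script covers ipv4 ACLs only; ipv6 ACLs and object-group based entries would need the same treatment if they use host values.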
Cisco customers without contracts can obtain upgrades by contacting the
Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or
via email at tac@cisco.com.

Alert History

Initial Release

Product Sets

The security vulnerability applies to the following combinations of
products.

Primary Products:
   Cisco  Cisco ASR 9000 Series Aggregation Services Routers  5.3.0 Base

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVSswwxLndAQH1ShLAQJ5ig//RSrHFhFwpecgeQCkIYx4NtYwHb0npQJE
de7x3EyituY4iIMCMtpvZRvsday++IoyJkpm+PQKFNLDzlgocHWTWCu3D9mdSuJC
qo8dEqGtQKXVLB3y5aMplpiS9hA+chc7b5g+cBQ7rVQWGxJt6J3QRCOFjvTzpzvp
rOeoZXYDVDAkBiryxVApGoZ9qfROENJJd2qt1jddMey3xPOBJih5i+5FqwyC9Tvf
+TWq1gpTb73pGv4fjveOPUqrpUH18FFqzqRJXDLbez1WSnTGEgXCSp8BI4nP9Zyo
H4XUu0nmK+KyEG833iS8i3x0M2C8J34D2yFfOX9lAKxdyVn+AEYK93z589olqsQR
D1zSXm1Z6YPPDl8Kn7LbhcCZCHsxxJ/hToHWtMRtKQNtNBL2z8aTGGfbdFtMxZDi
xlEjJA2VW8xFMgyFwXxhdUJF2IsryrERystPevl32m6qIFDfuwqfjGUCq0oV+AJD
mvaJpl4jls865nY+4yB9GxRRMEr5aO1iYcM++JR1Eempb6Khau0KDgfO09T9Sijz
IpsKw5aaQ9NQy1UR53i7ldXmkqg1IhVfRc4Dmq0S+CBCsIXb3YNIx5c1FTML1yWf
ZTslLv48NNlzLGjdqiytYQj2eRZyp8RkxZCpJUgoiVZF6CLr4Fo0YfqgkOrjTHW+
KzMAY++olS8=
=VUHU
-----END PGP SIGNATURE-----