Vigil@nce - Cisco IOS: bypassing Virtual PPP ACL
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass ACLs on virtual PPP interfaces of Cisco IOS
when ACLs on physical interfaces are open, in order to access
network services which should be forbidden.
– Impacted products: IOS Cisco, Cisco Router.
– Severity: 2/4.
– Creation date: 16/11/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS system uses ACLs (Access Control Lists), which can be
applied on physical interfaces or on virtual PPP interfaces.
However, if ACLs on the physical interface allow the access, ACLs
on the virtual PPP interface are not taken into account.
An attacker can therefore bypass ACLs on virtual PPP interfaces of
Cisco IOS when ACLs on physical interfaces are open, in order to
access network services which should be forbidden.
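A configuration audit for the condition described above, as an added example that is not part of the Vigil@nce bulletin and is not Cisco code: it flags a running-config in which a Virtual-PPP interface relies on an inbound ACL while a physical interface has none. Assumptions: the sample config is constructed, every interface whose name does not start with "Virtual-PPP" is treated as physical, and "open" is taken to mean "no inbound ip access-group"; the function names are hypothetical.

```python
import re

# Constructed sample running-config (not taken from the bulletin).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip access-group EDGE-IN in
!
interface Virtual-PPP1
 ip address negotiated
 ip access-group VPPP-IN in
!
interface Virtual-PPP2
 ip address negotiated
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.I)
ACL_RE = re.compile(r"^\s+ip access-group\s+(\S+)\s+in\b", re.I)

def inbound_acls(config):
    """Map each interface name to its inbound ACL name (None if unset)."""
    result, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = None
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current and (a := ACL_RE.match(line)):
            result[current] = a.group(1)
    return result

def audit(config):
    """Return Virtual-PPP ACLs at risk and interfaces treated as open."""
    acls = inbound_acls(config)
    is_vppp = lambda n: n.lower().startswith("virtual-ppp")
    at_risk = {n: a for n, a in acls.items() if is_vppp(n) and a}
    # Assumption: "open" means no inbound ACL on a non-Virtual-PPP interface.
    open_phys = sorted(n for n, a in acls.items() if not is_vppp(n) and a is None)
    # Exposure needs both conditions from the bulletin to hold.
    return {"at_risk": at_risk, "open_physical": open_phys,
            "exposed": bool(at_risk and open_phys)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An ACL that is present but permits the traffic in question also counts as open in the bulletin's sense; this check does not inspect ACL contents, so a clean result only rules out the missing-ACL case.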
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IOS-bypassing-Virtual-PPP-ACL-18311