The vulnerability is due to a logic flaw in a corner case scenario. An attacker could exploit this vulnerability by sending traffic that would have been dropped by the policy.
In a Zone-Based Firewall setup, if only one zone pair is defined in the egress direction but there is no reverse zone pair defined in the opposite direction, return traffic should be dropped instead of allowed for traffic subject to the egress action of pass.
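The configuration below is an added illustration of the corner case described above; it is not taken from the Cisco advisory and the zone, class-map, policy-map and interface names are assumed. It shows a single zone pair (INSIDE to OUTSIDE) whose policy uses the `pass` action with no reverse zone pair defined, which is exactly the setup where return traffic should be dropped by the default inter-zone deny but was allowed by the affected software. The second policy-map, which uses `inspect` instead of `pass`, is included as a general Zone-Based Firewall pattern for handling return traffic statefully; the page does not list the advisory's workarounds, so it is not presented as one of them.

```cisco
! --- Condition from the advisory: one zone pair, egress action "pass", no reverse pair ---
zone security INSIDE
zone security OUTSIDE

class-map type inspect match-any CM-INSIDE-TO-OUTSIDE
 match protocol tcp
 match protocol udp

! "pass" forwards matching packets without creating a session; return traffic
! would normally need its own OUTSIDE->INSIDE zone pair to be permitted.
policy-map type inspect PM-PASS-ONLY
 class type inspect CM-INSIDE-TO-OUTSIDE
  pass
 class class-default
  drop

! Only the egress zone pair exists. No "zone-pair security ... source OUTSIDE destination INSIDE"
! is configured, so return traffic should hit the implicit inter-zone deny.
zone-pair security ZP-INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM-PASS-ONLY

interface GigabitEthernet0/0
 description Assumed inside interface
 zone-member security INSIDE
interface GigabitEthernet0/1
 description Assumed outside interface
 zone-member security OUTSIDE

! --- General alternative (assumption, not the advisory's stated workaround) ---
! "inspect" creates a stateful session for the egress flow, so matching return
! traffic is handled by that session rather than by an unstated reverse zone pair.
policy-map type inspect PM-INSPECT
 class type inspect CM-INSIDE-TO-OUTSIDE
  inspect
 class class-default
  drop

! To apply it, replace the service-policy on the existing zone pair:
! zone-pair security ZP-INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
!  service-policy type inspect PM-INSPECT
```

Useful checks on an affected device are `show zone-pair security` to confirm which zone pairs and directions actually exist, and `show policy-map type inspect zone-pair sessions` to see whether return traffic is being matched by a session or is arriving with no zone pair to govern it.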
There are workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2gCB8vu
Security Impact Rating: Medium
CVE: CVE-2016-9201
from Cisco Security Advisory http://ift.tt/2gCB8vu