Vulnerability in Cisco Asr_9000_rsp440_router
CVE-2014-3396
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.
EPSS: 0.003 (55.6th percentile) — read the EPSS interpretation.
Affected products
Weakness classification (CWE)
References
- 20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)