Cisco ASA and FWSM Time-Range Object Access List Bypass Vulnerability

Last Update Date: 25 Apr 2013 10:54 Release Date: 25 Apr 2013 4421 Views

RISK: Medium Risk

Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability in the implementation of the time-range object could allow an unauthenticated, remote attacker to bypass access lists that are using the time-range option.

 

The vulnerability is due to improper implementation of the code for the time-range object, when the periodic command is used. Due to this issue, the time-range object may have no effect. Therefore, depending on the access-list statement (permit or deny), an attacker could bypass the access list. An attacker could exploit this vulnerability by sending traffic through the affected system.

 

Note: Vendor patch is currently unavailable.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Firewall Services Module (FWSM)

Solutions

  • Note: Vendor patch is currently unavailable.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Oracle Java Reflection API Vulnerability

25 Apr 2013 4568 Views

Next

WordPress WP Super Cache Plugin PHP Code Execution Vulnerability

26 Apr 2013 4412 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY