CVE-2015-6366

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.2(04)M6 through 15.4(03)S

Description The issue is related to deficiencies in the access control list management procedure in Cisco IOS. It allows a remote attacker to bypass network traffic access restrictions by utilizing tunnels. This can enable unauthorized access to network traffic.

Recommendations For versions 15.2(04)M6 and 15.4(03)S, update to a version that includes the fix for this issue, as released by Cisco. As a temporary workaround, consider restricting access to tunnel interfaces to minimize the risk of exploitation.