PT-2014-5286 · Cisco · ASR 9000

Published: 2014-10-05 · Updated: 2014-10-06 · CVE-2014-3396

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cisco IOS XR on ASR 9000 devices (affected versions not specified)

Description

The issue is related to the improper use of compression for port-range and address-range encoding in access control lists (ACLs) on Typhoon line cards in Cisco ASR 9000 Series Aggregation Services Routers. This allows remote attackers to bypass intended ACL restrictions via transit traffic. The vulnerability is due to incorrect port or address range encoding in the compression module of an ACL applied to an interface of an affected device. An attacker could exploit this by sending traffic through an affected device that should otherwise be denied by the configured ACL, potentially allowing access to trusted, internal networks.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2014-3396

Affected Products

ASR 9000
Cisco IOS XR