The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.
                
            References
                    Configurations
                    Configuration 1 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2016-09-22 17:59
Updated : 2025-04-12 10:46
NVD link : CVE-2014-2146
Mitre link : CVE-2014-2146
CVE.ORG link : CVE-2014-2146
JSON object : View
Products Affected
                cisco
- ios_xe
- ios
CWE
                
                    
                        
                        CWE-20
                        
            Improper Input Validation
