
Cisco IOS Port ACL Bypass Vulnerability

Hello.

Our team has provided technical support for a WS-C6513-E device for a client. During a security audit, the client issued an IOS patch regarding "Cisco IOS Port ACL Bypass Vulnerability".

This vulnerability (bug ID: CSCuy64806) affects IOS version 12.2(33)SXJ9.1, while the IOS version of the device is 15.0(1)SY6.

Does this device still have the port ACL bypass vulnerability?

If so, is upgrading the IOS to a fixed version the only solution?

I have to give an answer to our team about this issue.

And upgrading the IOS of a backbone switch needs downtime, so I want to be 100% sure.

Thank you in advance.  


Mark Malone
VIP Alumni

Does this device still have the port ACL bypass vulnerability?

Yes, the bug is still in the version.

If so, is upgrading the IOS to a fixed version the only solution?

No, they advise it can be mitigated through configuration as well in the bug release, but you're better off upgrading to avoid bugs.

And upgrading the IOS of a backbone switch needs downtime, so I want to be 100% sure.

That depends on your setup. If using eFSU/ISSU and dual sups or VSS, no, probably not, but if using a single sup then yes, it will need to reboot to bring IOS online.
