
Cisco Intrusion Prevention System Scanning Bypass Vulnerability

Cisco-SA-20060920-CVE-2006-4911 · Medium · Published · Updated

Cisco Intrusion Prevention System versions prior to 5.1(2) contain a vulnerability that could allow an unauthenticated, remote attacker to bypass security scanning. This vulnerability is due to a failure to properly handle fragmented packets. An unauthenticated, remote attacker can exploit this vulnerability by sending network requests in such a way that IPS detection rules are not triggered. This can allow an attacker to circumvent IPS scanning and protection, allowing the attacker to potentially pass malicious traffic on secure networks.

Cisco has confirmed this vulnerability in a security advisory and released updated software that corrects it.

Attackers may attempt to exploit this vulnerability to carry out attacks against secondary targets. Because the attacker can pass malicious traffic without scanning, IPS devices would be unable to mitigate such attacks. It is likely that this type of vulnerability will be utilized in targeted attacks where the attacker has intimate knowledge of the network topology.


Workarounds

Administrators are advised to apply the appropriate software updates.

Administrators may consider employing secondary filtering devices until updates can be applied.

CVEs: CVE-2006-4911

Cisco Bug IDs: NA

CVSS Score: Base 2.3

Product Names From Source: Cisco Intrusion Prevention System (IPS), Intrusion Prevention System (IPS)

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Intrusion Prevention System (IPS) | CVE-2006-4911 | Cisco OpenVuln |
| Cisco Intrusion Prevention System (IPS) | CVE-2006-4911 | Cisco OpenVuln |