BugZero | Cisco BugID CSCwf81436 - SGT ACL applied is not enforced when l4 range is s...

Cisco - Defect ID: CSCwf81436

SGT ACL applied is not enforced when l4 range is specified for both src and dst

Cisco - Defect ID: CSCwf81436

SGT ACL applied is not enforced when l4 range is specified for both src and dst

Last updated on January 9th, 2025

BugZero Risk Score
3.5 Low

Overall: 3.5

Severity: 3.7

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

TRH-SD105-1#show cts role-based counters from 10025 Role-based IPv4 counters From To SW-Denied HW-Denied SW-Permitt HW-Permitt SW-Monitor HW-Monitor 10025 103 0 27 0 0 0 0 10025 900 0 0 0 0 0 0 10025 901 0 0 0 0 0 0 10025 902 0 0 0 0 0 0 10025 999 0 0 0 0 0 0 TRH-SD105-1#show cts role-based permi from 10025 to 103 IPv4 Role-based permissions from group 10025:EPG_TRH_WLC_EPG to group 103:IT: RETURN_ACL-08 RBACL Monitor All for Dynamic Policies : FALSE RBACL Monitor All for Configured Policies : FALSE TRH-SD105-1#show ip access-lists RETURN_ACL-08 Role-based IP access list RETURN_ACL-08 (downloaded) 10 permit tcp src range 1 1024 dst range 1024 65535 (2 matches) <--- traffic is not being allowed 20 permit tcp src eq 3389 dst range 1024 65535 30 permit tcp src eq 8080 dst range 1024 65535 40 permit tcp src eq 8443 dst range 1024 65535 50 permit udp src range 1 1024 dst range 1024 65535 60 permit udp src eq 3389 dst range 1024 65535 70 permit udp src eq 8080 dst range 1024 65535 80 permit udp src eq 8443 dst range 1024 65535 90 permit icmp 100 deny ip log (6 matches) TRH-SD105-1#

Conditions

Workaround

Further Problem Description

Change history

No changes to display

Top Cisco Defects by Risk Score

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwf81436

SGT ACL applied is not enforced when l4 range is specified for both src and dst

Cisco - Defect ID: CSCwf81436

SGT ACL applied is not enforced when l4 range is specified for both src and dst

Last updated on January 9th, 2025

BugZero Risk Score
3.5 Low

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects by Risk Score

Ready to prevent the next vendor outage?

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwf81436

SGT ACL applied is not enforced when l4 range is specified for both src and dst

Cisco - Defect ID: CSCwf81436

SGT ACL applied is not enforced when l4 range is specified for both src and dst

Last updated on January 9th, 2025

BugZero Risk Score3.5 Low

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects by Risk Score

Ready to prevent the next vendor outage?

BugZero Risk Score
3.5 Low