CVE-2023-20191Improper Access Control in Cisco IOS XR

CWE-284Improper Access ControlCWE-863Incorrect Authorization4 documents4 sources
Severity
7.5HIGHNVD
CNA5.8
EPSS
0.0%
top 94.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XRCisco IOS XR Software
Timeline
PublishedSep 13

Description

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. There are workarounds that address this

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_software31 versions+30
NVDcisco/ios_xr7.87.9.2+2

🔴Vulnerability Details

2
GHSA
GHSA-5hxg-4c73-j4wf: A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauth2023-09-13
CVEList
CVE-2023-20191: A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauth2023-09-13

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Access Control List Bypass Vulnerability2023-09-13
CVE-2023-20191 — Improper Access Control in Cisco | cvebase