CVE-2025-20144

CWE-284Improper Access Control4 documents4 sources
Severity
5.8MEDIUM
EPSS
0.1%
top 77.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedMar 12

Description

A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_software43 versions+42
NVDcisco/ios_xr43 versions+42

🔴Vulnerability Details

2
GHSA
GHSA-82g5-9hm8-rvm3: A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote att2025-03-12
CVEList
Cisco IOS XR Software Access Control List Bypass Vulnerability2025-03-12

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Hybrid Access Control List Bypass Vulnerability2025-03-12