CVE-2025-20339Improper Access Control in Cisco Sd-wan Vedge Cloud

CWE-284Improper Access Control4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.0%
top 91.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan Vedge CloudCisco Sd-wan Vedge Router
Timeline
PublishedSep 24

Description

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_sd-wan_vedge_cloud12 versions+11
CVEListV5cisco/cisco_sd-wan_vedge_router32 versions+31

🔴Vulnerability Details

2
GHSA
GHSA-97xx-3c9q-f5rx: A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote atta2025-09-24
CVEList
Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability2025-09-24

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability2025-09-24
CVE-2025-20339 — Improper Access Control in Cisco | cvebase