CVE-2025-20144 in IOS XRinfo

Zusammenfassung

von MITRE • 12.03.2025

A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.

This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

Cisco

Reservieren

10.10.2024

Veröffentlichung

12.03.2025

Moderieren

akzeptiert

Eintrag

VDB-299578

CPE

bereit

EPSS

0.00322

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!