5.3
CVE-2025-20159
- EPSS 0.03%
- Veröffentlicht 10.09.2025 16:15:35
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco IOS XR Software Management Interface ACL Bypass Vulnerability
A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco IOS XR Software
Default Statusunknown
Version
6.6.1
Status
affected
Version
6.5.3
Status
affected
Version
7.0.1
Status
affected
Version
6.6.11
Status
affected
Version
6.5.1
Status
affected
Version
6.5.2
Status
affected
Version
6.6.2
Status
affected
Version
6.6.12
Status
affected
Version
6.6.25
Status
affected
Version
7.1.1
Status
affected
Version
7.0.90
Status
affected
Version
6.6.3
Status
affected
Version
7.0.2
Status
affected
Version
7.1.2
Status
affected
Version
7.2.1
Status
affected
Version
7.0.11
Status
affected
Version
7.0.12
Status
affected
Version
7.0.14
Status
affected
Version
6.6.4
Status
affected
Version
7.2.12
Status
affected
Version
7.3.1
Status
affected
Version
7.4.1
Status
affected
Version
7.2.2
Status
affected
Version
7.3.15
Status
affected
Version
7.3.16
Status
affected
Version
7.4.15
Status
affected
Version
7.3.2
Status
affected
Version
7.5.1
Status
affected
Version
7.4.16
Status
affected
Version
7.3.27
Status
affected
Version
7.6.1
Status
affected
Version
7.5.2
Status
affected
Version
7.8.1
Status
affected
Version
7.6.15
Status
affected
Version
7.5.12
Status
affected
Version
7.8.12
Status
affected
Version
7.3.4
Status
affected
Version
7.3.3
Status
affected
Version
7.4.2
Status
affected
Version
7.7.1
Status
affected
Version
7.6.2
Status
affected
Version
7.5.3
Status
affected
Version
7.7.2
Status
affected
Version
7.9.1
Status
affected
Version
7.10.1
Status
affected
Version
7.8.2
Status
affected
Version
7.5.4
Status
affected
Version
7.8.22
Status
affected
Version
7.7.21
Status
affected
Version
7.9.2
Status
affected
Version
7.3.5
Status
affected
Version
7.5.5
Status
affected
Version
7.11.1
Status
affected
Version
7.10.2
Status
affected
Version
24.1.1
Status
affected
Version
7.3.6
Status
affected
Version
7.5.52
Status
affected
Version
7.11.2
Status
affected
Version
24.2.1
Status
affected
Version
24.1.2
Status
affected
Version
24.2.11
Status
affected
Version
24.3.1
Status
affected
Version
24.4.1
Status
affected
Version
24.2.2
Status
affected
Version
7.11.21
Status
affected
Version
24.2.20
Status
affected
Version
24.3.2
Status
affected
Version
25.1.1
Status
affected
Version
24.4.2
Status
affected
Version
24.3.20
Status
affected
Version
25.1.2
Status
affected
Version
24.3.30
Status
affected
Version
24.4.30
Status
affected
Version
24.2.21
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.097 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.