5.3
CVE-2025-20159
- EPSS 0.03%
- Veröffentlicht 10.09.2025 16:15:35
- Zuletzt bearbeitet 11.09.2025 17:14:10
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco IOS XR Software
Default Statusunknown
Version
6.6.1
Status
affected
Version
6.5.3
Status
affected
Version
7.0.1
Status
affected
Version
6.6.11
Status
affected
Version
6.5.1
Status
affected
Version
6.5.2
Status
affected
Version
6.6.2
Status
affected
Version
6.6.12
Status
affected
Version
6.6.25
Status
affected
Version
7.1.1
Status
affected
Version
7.0.90
Status
affected
Version
6.6.3
Status
affected
Version
7.0.2
Status
affected
Version
7.1.2
Status
affected
Version
7.2.1
Status
affected
Version
7.0.11
Status
affected
Version
7.0.12
Status
affected
Version
7.0.14
Status
affected
Version
6.6.4
Status
affected
Version
7.2.12
Status
affected
Version
7.3.1
Status
affected
Version
7.4.1
Status
affected
Version
7.2.2
Status
affected
Version
7.3.15
Status
affected
Version
7.3.16
Status
affected
Version
7.4.15
Status
affected
Version
7.3.2
Status
affected
Version
7.5.1
Status
affected
Version
7.4.16
Status
affected
Version
7.3.27
Status
affected
Version
7.6.1
Status
affected
Version
7.5.2
Status
affected
Version
7.8.1
Status
affected
Version
7.6.15
Status
affected
Version
7.5.12
Status
affected
Version
7.8.12
Status
affected
Version
7.3.4
Status
affected
Version
7.3.3
Status
affected
Version
7.4.2
Status
affected
Version
7.7.1
Status
affected
Version
7.6.2
Status
affected
Version
7.5.3
Status
affected
Version
7.7.2
Status
affected
Version
7.9.1
Status
affected
Version
7.10.1
Status
affected
Version
7.8.2
Status
affected
Version
7.5.4
Status
affected
Version
7.8.22
Status
affected
Version
7.7.21
Status
affected
Version
7.9.2
Status
affected
Version
7.3.5
Status
affected
Version
7.5.5
Status
affected
Version
7.11.1
Status
affected
Version
7.10.2
Status
affected
Version
24.1.1
Status
affected
Version
7.3.6
Status
affected
Version
7.5.52
Status
affected
Version
7.11.2
Status
affected
Version
24.2.1
Status
affected
Version
24.1.2
Status
affected
Version
24.2.11
Status
affected
Version
24.3.1
Status
affected
Version
24.4.1
Status
affected
Version
24.2.2
Status
affected
Version
7.11.21
Status
affected
Version
24.2.20
Status
affected
Version
24.3.2
Status
affected
Version
25.1.1
Status
affected
Version
24.4.2
Status
affected
Version
24.3.20
Status
affected
Version
25.1.2
Status
affected
Version
24.3.30
Status
affected
Version
24.4.30
Status
affected
Version
24.2.21
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.092 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.