9.1

CVE-2025-20221

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. 

 This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Xe Version16.12.13
CiscoIos Xe Version17.1.1
CiscoIos Xe Version17.1.1s
CiscoIos Xe Version17.1.1t
CiscoIos Xe Version17.1.3
CiscoIos Xe Version17.2.1
CiscoIos Xe Version17.2.1a
CiscoIos Xe Version17.2.1r
CiscoIos Xe Version17.2.1v
CiscoIos Xe Version17.2.2
CiscoIos Xe Version17.2.3
CiscoIos Xe Version17.3.1
CiscoIos Xe Version17.3.1a
CiscoIos Xe Version17.3.2
CiscoIos Xe Version17.3.2a
CiscoIos Xe Version17.3.3
CiscoIos Xe Version17.3.4
CiscoIos Xe Version17.3.4a
CiscoIos Xe Version17.3.5
CiscoIos Xe Version17.3.6
CiscoIos Xe Version17.3.7
CiscoIos Xe Version17.3.8
CiscoIos Xe Version17.3.8a
CiscoIos Xe Version17.4.1
CiscoIos Xe Version17.4.1a
CiscoIos Xe Version17.4.1b
CiscoIos Xe Version17.4.2
CiscoIos Xe Version17.5.1
CiscoIos Xe Version17.5.1a
CiscoIos Xe Version17.6.1
CiscoIos Xe Version17.6.1a
CiscoIos Xe Version17.6.1y
CiscoIos Xe Version17.6.2
CiscoIos Xe Version17.6.3
CiscoIos Xe Version17.6.3a
CiscoIos Xe Version17.6.4
CiscoIos Xe Version17.6.5
CiscoIos Xe Version17.6.5a
CiscoIos Xe Version17.6.6
CiscoIos Xe Version17.6.6a
CiscoIos Xe Version17.6.7
CiscoIos Xe Version17.6.8
CiscoIos Xe Version17.6.8a
CiscoIos Xe Version17.7.1
CiscoIos Xe Version17.7.1a
CiscoIos Xe Version17.7.2
CiscoIos Xe Version17.8.1
CiscoIos Xe Version17.8.1a
CiscoIos Xe Version17.9.1
CiscoIos Xe Version17.9.1a
CiscoIos Xe Version17.9.2
CiscoIos Xe Version17.9.2a
CiscoIos Xe Version17.9.3
CiscoIos Xe Version17.9.3a
CiscoIos Xe Version17.9.4
CiscoIos Xe Version17.9.4a
CiscoIos Xe Version17.9.5
CiscoIos Xe Version17.9.5a
CiscoIos Xe Version17.9.5b
CiscoIos Xe Version17.9.5e
CiscoIos Xe Version17.9.5f
CiscoIos Xe Version17.9.6
CiscoIos Xe Version17.9.6a
CiscoIos Xe Version17.10.1
CiscoIos Xe Version17.10.1a
CiscoIos Xe Version17.10.1b
CiscoIos Xe Version17.11.1
CiscoIos Xe Version17.11.1a
CiscoIos Xe Version17.12.1
CiscoIos Xe Version17.12.1a
CiscoIos Xe Version17.12.1z2
CiscoIos Xe Version17.12.2
CiscoIos Xe Version17.12.3
CiscoIos Xe Version17.12.3a
CiscoIos Xe Version17.12.4
CiscoIos Xe Version17.12.4a
CiscoIos Xe Version17.12.4b
CiscoIos Xe Version17.13.1
CiscoIos Xe Version17.13.1a
CiscoIos Xe Version17.14.1
CiscoIos Xe Version17.14.1a
CiscoIos Xe Version17.15.1
CiscoIos Xe Version17.15.1a
CiscoIos Xe Version17.15.1x
CiscoIos Xe Version17.15.2
CiscoIos Xe Version17.15.2b
CiscoIos Xe Version17.15.2c
CiscoIos Xe Version17.16.1
CiscoIos Xe Version17.16.1a
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.051
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
psirt@cisco.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.