Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-20190

Опубликовано: 13 сент. 2023
Источник: nvd
CVSS3: 5.8
CVSS3: 5.3
EPSS Низкий

Описание

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.

This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.

There are workarounds that address this vulnerability.

This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Resp

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия до 7.3.5 (исключая)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 7.5 (включая) до 7.5.4 (исключая)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 7.6 (включая) до 7.8.2 (исключая)
cpe:2.3:o:cisco:ios_xr:7.9:*:*:*:*:*:*:*

EPSS

Процентиль: 14%
0.00047
Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-264
CWE-863

Связанные уязвимости

github логотип

GHSA-j3jp-5cvm-4wvf

CVSS3: 5.8
github
больше 2 лет назад

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Respo...

fstec логотип

BDU:2023-05814

CVSS3: 5.8
fstec
больше 3 лет назад

Уязвимость функции сжатия списка управления доступом (ACL) операционной системы Cisco IOS XR, позволяющая нарушителю обойти ограничения безопасности и получить доступ к доверенным сетям

EPSS

Процентиль: 14%
0.00047
Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-264
CWE-863