{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:ios_xr_software:7.10.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "7.10.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ios_xr_software:7.11.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "7.11.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T19:47:43.541856Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:49:57.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T16:43:53.196Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
        "defects": [
          "CSCwh77265"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20322",
    "datePublished": "2024-03-13T16:43:53.196Z",
    "dateReserved": "2023-11-08T15:08:07.640Z",
    "dateUpdated": "2024-08-02T19:49:57.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:35:07.856911Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:35:20.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:15.494Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-xr792-bWfVDPY",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-xr792-bWfVDPY",
        "defects": [
          "CSCwf89955"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20141",
    "datePublished": "2025-03-12T16:12:15.494Z",
    "dateReserved": "2024-10-10T19:15:13.214Z",
    "dateUpdated": "2025-03-21T20:35:20.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC973609-4C39-4B38-A5E3-94C841F89E02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en interfaces Pseudowire en la direcci\u00f3n de ingreso del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una asignaci\u00f3n incorrecta de claves de b\u00fasqueda a contextos de interfaz interna. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante acceder a recursos detr\u00e1s del dispositivo afectado que se supon\u00eda estaban protegidos por una ACL configurada."
    }
  ],
  "id": "CVE-2024-20322",
  "lastModified": "2025-08-05T14:41:53.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-13T17:15:48.407",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la gesti\u00f3n de paquetes espec\u00edficos que se env\u00edan desde una tarjeta de l\u00ednea a un procesador de rutas en la versi\u00f3n 7.9.2 del software Cisco IOS XR podr\u00eda permitir que un atacante adyacente no autenticado provoque la interrupci\u00f3n del tr\u00e1fico del plano de control en varias plataformas Cisco IOS XR. Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de los paquetes que se env\u00edan al procesador de rutas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando tr\u00e1fico, que debe ser gestionado por la pila de Linux en el procesador de rutas, a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar la interrupci\u00f3n del tr\u00e1fico del plano de control, lo que resultar\u00eda en una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2025-20141",
  "lastModified": "2025-08-06T17:05:07.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.420",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Product"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}