Vulnerabilites related to cisco - ncs_57c3-mod-sys
CVE-2024-20322 (GCVE-0-2024-20322)
Vulnerability from cvelistv5
Published
2024-03-13 16:43
Modified
2024-08-02 19:49
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE
  • CWE-284 - Improper Access Control
Summary
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
References
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: 7.10.2
Version: 7.11.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:ios_xr_software:7.10.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "7.10.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ios_xr_software:7.11.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "7.11.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T19:47:43.541856Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:49:57.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T16:43:53.196Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
        "defects": [
          "CSCwh77265"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20322",
    "datePublished": "2024-03-13T16:43:53.196Z",
    "dateReserved": "2023-11-08T15:08:07.640Z",
    "dateUpdated": "2024-08-02T19:49:57.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20177 (GCVE-0-2025-20177)
Vulnerability from cvelistv5
Published
2025-03-12 16:13
Modified
2025-03-14 15:31
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-274 - Improper Handling of Insufficient Privileges
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
References
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: 7.0.1
Version: 7.0.0
Version: 7.1.1
Version: 7.0.90
Version: 6.7.1
Version: 7.0.2
Version: 7.1.15
Version: 7.2.0
Version: 7.2.1
Version: 7.1.2
Version: 6.7.2
Version: 7.0.11
Version: 7.0.12
Version: 7.0.14
Version: 7.1.25
Version: 7.2.12
Version: 7.3.1
Version: 7.1.3
Version: 6.7.3
Version: 7.4.1
Version: 7.2.2
Version: 6.7.4
Version: 7.3.15
Version: 7.3.16
Version: 6.8.1
Version: 7.4.15
Version: 7.3.2
Version: 7.5.1
Version: 7.4.16
Version: 7.3.27
Version: 7.6.1
Version: 7.5.2
Version: 7.8.1
Version: 7.6.15
Version: 7.5.12
Version: 7.3.3
Version: 7.7.1
Version: 6.8.2
Version: 7.3.4
Version: 7.4.2
Version: 6.7.35
Version: 6.9.1
Version: 7.6.2
Version: 7.5.3
Version: 7.7.2
Version: 6.9.2
Version: 7.9.1
Version: 7.10.1
Version: 7.8.2
Version: 7.5.4
Version: 7.8.22
Version: 7.7.21
Version: 7.9.2
Version: 7.3.5
Version: 7.5.5
Version: 7.11.1
Version: 7.9.21
Version: 7.10.2
Version: 24.1.1
Version: 7.6.3
Version: 7.3.6
Version: 7.11.2
Version: 24.2.1
Version: 24.1.2
Version: 24.2.11
Version: 24.3.1
Version: 7.8.23
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20177",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T03:55:23.530580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T15:31:19.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-274",
              "description": "Improper Handling of Insufficient Privileges",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:13:04.362Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
        "defects": [
          "CSCwk67262"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Image Verification Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20177",
    "datePublished": "2025-03-12T16:13:04.362Z",
    "dateReserved": "2024-10-10T19:15:13.220Z",
    "dateUpdated": "2025-03-14T15:31:19.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20064 (GCVE-0-2023-20064)
Vulnerability from cvelistv5
Published
2023-03-09 00:00
Modified
2024-10-25 16:03
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
Summary
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.
References
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: n/a
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230308 Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20064",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:36:23.610206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:03:12.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XR Software ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-09T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230308 Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-load-infodisc-9rdOr5Fq",
        "defect": [
          [
            "CSCvz42457",
            "CSCwc97332",
            "CSCwd61802",
            "CSCwd61820",
            "CSCwd79460"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20064",
    "datePublished": "2023-03-09T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:03:12.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20144 (GCVE-0-2025-20144)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-21 20:33
Severity ?
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE
  • CWE-284 - Improper Access Control
Summary
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
References
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: 6.5.3
Version: 6.5.2
Version: 6.5.92
Version: 6.5.1
Version: 6.6.2
Version: 7.0.1
Version: 6.6.25
Version: 6.6.1
Version: 6.5.93
Version: 7.1.1
Version: 7.0.90
Version: 6.6.3
Version: 7.0.2
Version: 7.2.1
Version: 7.1.2
Version: 6.6.4
Version: 7.3.1
Version: 7.4.1
Version: 7.2.2
Version: 7.3.2
Version: 7.5.1
Version: 7.6.1
Version: 7.5.2
Version: 7.7.1
Version: 7.3.3
Version: 7.4.2
Version: 7.3.4
Version: 7.6.2
Version: 7.8.1
Version: 7.5.3
Version: 7.7.2
Version: 7.9.1
Version: 7.8.2
Version: 7.5.4
Version: 7.8.22
Version: 7.10.1
Version: 7.7.21
Version: 7.9.2
Version: 7.3.5
Version: 7.5.5
Version: 7.11.1
Version: 7.10.2
Version: 7.3.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20144",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:33:04.758400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:33:28.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the  section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:39.882Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ncs-hybridacl-crMZFfKQ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ncs-hybridacl-crMZFfKQ",
        "defects": [
          "CSCwi49569"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Access Control List Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20144",
    "datePublished": "2025-03-12T16:12:39.882Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:33:28.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20141 (GCVE-0-2025-20141)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-21 20:35
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
References
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: 7.9.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:35:07.856911Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:35:20.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:15.494Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-xr792-bWfVDPY",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-xr792-bWfVDPY",
        "defects": [
          "CSCwf89955"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20141",
    "datePublished": "2025-03-12T16:12:15.494Z",
    "dateReserved": "2024-10-10T19:15:13.214Z",
    "dateUpdated": "2025-03-21T20:35:20.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20236 (GCVE-0-2023-20236)
Vulnerability from cvelistv5
Published
2023-09-13 16:39
Modified
2024-10-23 19:10
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Summary
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
References
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: 5.2.0
Version: 5.2.1
Version: 5.2.2
Version: 5.2.4
Version: 5.2.3
Version: 5.2.5
Version: 5.2.47
Version: 5.3.0
Version: 5.3.1
Version: 5.3.2
Version: 5.3.3
Version: 5.3.4
Version: 6.0.0
Version: 6.0.1
Version: 6.0.2
Version: 6.1.1
Version: 6.1.2
Version: 6.1.3
Version: 6.1.4
Version: 6.1.12
Version: 6.1.22
Version: 6.1.32
Version: 6.1.36
Version: 6.1.42
Version: 6.2.1
Version: 6.2.2
Version: 6.2.3
Version: 6.2.25
Version: 6.2.11
Version: 6.3.2
Version: 6.3.3
Version: 6.3.15
Version: 6.4.1
Version: 6.4.2
Version: 6.4.3
Version: 6.5.1
Version: 6.5.2
Version: 6.5.3
Version: 6.5.25
Version: 6.5.26
Version: 6.5.28
Version: 6.5.29
Version: 6.5.32
Version: 6.5.33
Version: 6.6.2
Version: 6.6.3
Version: 6.6.25
Version: 6.6.4
Version: 7.0.1
Version: 7.0.2
Version: 7.0.12
Version: 7.0.14
Version: 7.1.1
Version: 7.1.15
Version: 7.1.2
Version: 7.1.3
Version: 6.7.1
Version: 6.7.2
Version: 6.7.3
Version: 6.7.4
Version: 7.2.0
Version: 7.2.1
Version: 7.2.2
Version: 7.3.1
Version: 7.3.15
Version: 7.3.2
Version: 7.3.3
Version: 7.3.5
Version: 7.4.1
Version: 7.4.2
Version: 6.8.1
Version: 6.8.2
Version: 7.5.1
Version: 7.5.3
Version: 7.5.2
Version: 7.5.4
Version: 7.6.1
Version: 7.6.2
Version: 7.7.1
Version: 7.7.2
Version: 7.7.21
Version: 6.9.1
Version: 6.9.2
Version: 7.8.1
Version: 7.8.2
Version: 7.9.1
Version: 7.9.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:35.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr_software",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "7.9.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20236",
                "options": [
                  {
                    "Exploitation": "None"
                  },
                  {
                    "Automatable": "No"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-15T16:36:16.200980Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T19:10:48.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.2.1"
            },
            {
              "status": "affected",
              "version": "5.2.2"
            },
            {
              "status": "affected",
              "version": "5.2.4"
            },
            {
              "status": "affected",
              "version": "5.2.3"
            },
            {
              "status": "affected",
              "version": "5.2.5"
            },
            {
              "status": "affected",
              "version": "5.2.47"
            },
            {
              "status": "affected",
              "version": "5.3.0"
            },
            {
              "status": "affected",
              "version": "5.3.1"
            },
            {
              "status": "affected",
              "version": "5.3.2"
            },
            {
              "status": "affected",
              "version": "5.3.3"
            },
            {
              "status": "affected",
              "version": "5.3.4"
            },
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.1.1"
            },
            {
              "status": "affected",
              "version": "6.1.2"
            },
            {
              "status": "affected",
              "version": "6.1.3"
            },
            {
              "status": "affected",
              "version": "6.1.4"
            },
            {
              "status": "affected",
              "version": "6.1.12"
            },
            {
              "status": "affected",
              "version": "6.1.22"
            },
            {
              "status": "affected",
              "version": "6.1.32"
            },
            {
              "status": "affected",
              "version": "6.1.36"
            },
            {
              "status": "affected",
              "version": "6.1.42"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.2.2"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.2.25"
            },
            {
              "status": "affected",
              "version": "6.2.11"
            },
            {
              "status": "affected",
              "version": "6.3.2"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "6.3.15"
            },
            {
              "status": "affected",
              "version": "6.4.1"
            },
            {
              "status": "affected",
              "version": "6.4.2"
            },
            {
              "status": "affected",
              "version": "6.4.3"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.25"
            },
            {
              "status": "affected",
              "version": "6.5.26"
            },
            {
              "status": "affected",
              "version": "6.5.28"
            },
            {
              "status": "affected",
              "version": "6.5.29"
            },
            {
              "status": "affected",
              "version": "6.5.32"
            },
            {
              "status": "affected",
              "version": "6.5.33"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-07T19:50:10.951Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
        "defects": [
          "CSCvz63925",
          "CSCvz63918",
          "CSCwe12502",
          "CSCvz63929",
          "CSCwi31568",
          "CSCwh78724",
          "CSCwi26526",
          "CSCwh70601",
          "CSCwh78727",
          "CSCwj83430",
          "CSCwj88475"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20236",
    "datePublished": "2023-09-13T16:39:19.418Z",
    "dateReserved": "2022-10-27T18:47:50.370Z",
    "dateUpdated": "2024-10-23T19:10:48.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2025-03-12 16:15
Modified
2025-08-04 12:02
Severity ?
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
References
psirt@cisco.comhttps://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/Technical Description
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr 6.5.1
cisco ios_xr 6.5.2
cisco ios_xr 6.5.3
cisco ios_xr 6.5.92
cisco ios_xr 6.5.93
cisco ios_xr 6.6.1
cisco ios_xr 6.6.2
cisco ios_xr 6.6.3
cisco ios_xr 6.6.4
cisco ios_xr 6.6.25
cisco ios_xr 7.0.1
cisco ios_xr 7.0.2
cisco ios_xr 7.0.90
cisco ios_xr 7.1.1
cisco ios_xr 7.1.2
cisco ios_xr 7.2.1
cisco ios_xr 7.2.2
cisco ios_xr 7.3.1
cisco ios_xr 7.3.2
cisco ios_xr 7.3.3
cisco ios_xr 7.3.4
cisco ios_xr 7.3.5
cisco ios_xr 7.3.6
cisco ios_xr 7.4.1
cisco ios_xr 7.4.2
cisco ios_xr 7.5.1
cisco ios_xr 7.5.2
cisco ios_xr 7.5.3
cisco ios_xr 7.5.4
cisco ios_xr 7.5.5
cisco ios_xr 7.6.1
cisco ios_xr 7.6.2
cisco ios_xr 7.7.1
cisco ios_xr 7.7.2
cisco ios_xr 7.7.21
cisco ios_xr 7.8.1
cisco ios_xr 7.8.2
cisco ios_xr 7.8.22
cisco ios_xr 7.9.1
cisco ios_xr 7.9.2
cisco ios_xr 7.10.1
cisco ios_xr 7.10.2
cisco ios_xr 7.11.1
cisco ncs_540-12z20g-sys-a -
cisco ncs_540-12z20g-sys-d -
cisco ncs_540-24q2c2dd-sys -
cisco ncs_540-24q8l2dd-sys -
cisco ncs_540-24z8q2c-sys -
cisco ncs_540-28z4c-sys-a -
cisco ncs_540-28z4c-sys-d -
cisco ncs_540-6z14s-sys-d -
cisco ncs_540-6z18g-sys-a -
cisco ncs_540-6z18g-sys-d -
cisco ncs_540-acc-sys -
cisco ncs_540-fh-agg -
cisco ncs_540-fh-csr-sys -
cisco ncs_540x-12z16g-sys-a -
cisco ncs_540x-12z16g-sys-d -
cisco ncs_540x-16z4g8q2c-a -
cisco ncs_540x-16z4g8q2c-d -
cisco ncs_540x-16z8q2c-d -
cisco ncs_540x-4z14g2q-a -
cisco ncs_540x-4z14g2q-d -
cisco ncs_540x-6z18g-sys-a -
cisco ncs_540x-6z18g-sys-d -
cisco ncs_540x-8z16g-sys-a -
cisco ncs_540x-8z16g-sys-d -
cisco ncs_540x-acc-sys -
cisco ncs_5501 -
cisco ncs_5501-se -
cisco ncs_5502 -
cisco ncs_5502-se -
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_560-4 -
cisco ncs_560-7 -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57d2-18dd-sys -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FD2C84-CD64-4C1C-BC38-2F7A2A6EEF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFC77F8-4131-42E1-93A4-13149BDCDC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "676F3DD0-6081-4C37-8E4F-210BC59C3C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6EA55E-05BA-483F-AAE1-DD573D22D6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5C0909-27D8-4B6E-A644-9B8ADFA24266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F406EAA7-0607-419F-97E3-7ACEC8A3FA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA7B4C-8FDD-4053-B37B-E5E0969C0CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the  section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) h\u00edbrida de paquetes IPv4 en el software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una gesti\u00f3n incorrecta de paquetes cuando existe una configuraci\u00f3n espec\u00edfica de la ACL h\u00edbrida. Un atacante podr\u00eda explotar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle omitir una ACL configurada en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n, consulte la secci\u00f3n de este aviso. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. Existen workarounds que la solucionan."
    }
  ],
  "id": "CVE-2025-20144",
  "lastModified": "2025-08-04T12:02:45.527",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.890",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-03-12 16:15
Modified
2025-08-06 17:05
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
References
psirt@cisco.comhttps://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/Product
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPYVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr 7.9.2
cisco ncs_540-12z20g-sys-a -
cisco ncs_540-12z20g-sys-d -
cisco ncs_540-24q2c2dd-sys -
cisco ncs_540-24q8l2dd-sys -
cisco ncs_540-24z8q2c-sys -
cisco ncs_540-28z4c-sys-a -
cisco ncs_540-28z4c-sys-d -
cisco ncs_540-6z14s-sys-d -
cisco ncs_540-6z18g-sys-a -
cisco ncs_540-6z18g-sys-d -
cisco ncs_540-acc-sys -
cisco ncs_540-fh-agg -
cisco ncs_540-fh-csr-sys -
cisco ncs_540x-12z16g-sys-a -
cisco ncs_540x-12z16g-sys-d -
cisco ncs_540x-16z4g8q2c-a -
cisco ncs_540x-16z4g8q2c-d -
cisco ncs_540x-16z8q2c-d -
cisco ncs_540x-4z14g2q-a -
cisco ncs_540x-4z14g2q-d -
cisco ncs_540x-6z18g-sys-a -
cisco ncs_540x-6z18g-sys-d -
cisco ncs_540x-8z16g-sys-a -
cisco ncs_540x-8z16g-sys-d -
cisco ncs_540x-acc-sys -
cisco ncs_5501 -
cisco ncs_5501-se -
cisco ncs_5502 -
cisco ncs_5502-se -
cisco ncs_5504 -
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_55a1-24h -
cisco ncs_55a1-24q6h-s -
cisco ncs_55a1-24q6h-ss -
cisco ncs_55a1-36h -
cisco ncs_55a1-36h-se -
cisco ncs_55a1-48q6h -
cisco ncs_55a2-mod-hd-s -
cisco ncs_55a2-mod-s -
cisco ncs_55a2-mod-se-s -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57d2-18dd-sys -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la gesti\u00f3n de paquetes espec\u00edficos que se env\u00edan desde una tarjeta de l\u00ednea a un procesador de rutas en la versi\u00f3n 7.9.2 del software Cisco IOS XR podr\u00eda permitir que un atacante adyacente no autenticado provoque la interrupci\u00f3n del tr\u00e1fico del plano de control en varias plataformas Cisco IOS XR. Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de los paquetes que se env\u00edan al procesador de rutas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando tr\u00e1fico, que debe ser gestionado por la pila de Linux en el procesador de rutas, a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar la interrupci\u00f3n del tr\u00e1fico del plano de control, lo que resultar\u00eda en una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2025-20141",
  "lastModified": "2025-08-06T17:05:07.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.420",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Product"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-03-13 17:15
Modified
2025-08-05 14:41
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3eVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3eVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr 7.10.2
cisco ios_xr 7.11
cisco 8011-4g24y4h-i -
cisco 8101-32fh -
cisco 8101-32fh-o -
cisco 8101-32h-o -
cisco 8102-28fh-dpu-o -
cisco 8102-64h -
cisco 8102-64h-o -
cisco 8111-32eh-o -
cisco 8122-64eh-o -
cisco 8122-64ehf-o -
cisco 8201 -
cisco 8201-24h8fh -
cisco 8201-32fh -
cisco 8201-32fh-o -
cisco 8202 -
cisco 8202-32fh-m -
cisco 8212-48fh-m -
cisco 8404 -
cisco 8501-sys-mt -
cisco 8608 -
cisco 8700 -
cisco 8711-32fh-m -
cisco 8712-mod-m -
cisco 8804 -
cisco 8808 -
cisco 8812 -
cisco 8818 -
cisco ncs_540-12z20g-sys-a -
cisco ncs_540-12z20g-sys-d -
cisco ncs_540-24q2c2dd-sys -
cisco ncs_540-24q8l2dd-sys -
cisco ncs_540-24z8q2c-sys -
cisco ncs_540-28z4c-sys-a -
cisco ncs_540-28z4c-sys-d -
cisco ncs_540-6z14s-sys-d -
cisco ncs_540-6z18g-sys-a -
cisco ncs_540-6z18g-sys-d -
cisco ncs_540-acc-sys -
cisco ncs_540-fh-agg -
cisco ncs_540-fh-csr-sys -
cisco ncs_540x-12z16g-sys-a -
cisco ncs_540x-12z16g-sys-d -
cisco ncs_540x-16z4g8q2c-a -
cisco ncs_540x-16z4g8q2c-d -
cisco ncs_540x-16z8q2c-d -
cisco ncs_540x-4z14g2q-a -
cisco ncs_540x-4z14g2q-d -
cisco ncs_540x-6z18g-sys-a -
cisco ncs_540x-6z18g-sys-d -
cisco ncs_540x-8z16g-sys-a -
cisco ncs_540x-8z16g-sys-d -
cisco ncs_540x-acc-sys -
cisco ncs_5501 -
cisco ncs_5501-se -
cisco ncs_5502 -
cisco ncs_5502-se -
cisco ncs_5504 -
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_55a1-24h -
cisco ncs_55a1-24q6h-s -
cisco ncs_55a1-24q6h-ss -
cisco ncs_55a1-36h -
cisco ncs_55a1-36h-se -
cisco ncs_55a1-48q6h -
cisco ncs_55a2-mod-hd-s -
cisco ncs_55a2-mod-s -
cisco ncs_55a2-mod-se-s -
cisco ncs_560-4 -
cisco ncs_560-7 -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57d2-18dd-sys -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC973609-4C39-4B38-A5E3-94C841F89E02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en interfaces Pseudowire en la direcci\u00f3n de ingreso del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una asignaci\u00f3n incorrecta de claves de b\u00fasqueda a contextos de interfaz interna. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante acceder a recursos detr\u00e1s del dispositivo afectado que se supon\u00eda estaban protegidos por una ACL configurada."
    }
  ],
  "id": "CVE-2024-20322",
  "lastModified": "2025-08-05T14:41:53.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-13T17:15:48.407",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-09-13 17:15
Modified
2024-11-21 07:40
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgBVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgBVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr *
cisco 8201 -
cisco 8202 -
cisco 8208 -
cisco 8212 -
cisco 8218 -
cisco 8804 -
cisco 8808 -
cisco 8812 -
cisco 8818 -
cisco 8831 -
cisco asr_9000 -
cisco asr_9000v -
cisco asr_9001 -
cisco asr_9006 -
cisco asr_9010 -
cisco asr_9901 -
cisco asr_9902 -
cisco asr_9903 -
cisco asr_9904 -
cisco asr_9906 -
cisco asr_9910 -
cisco asr_9912 -
cisco asr_9920 -
cisco asr_9922 -
cisco ncs_1001 -
cisco ncs_1002 -
cisco ncs_1004 -
cisco ncs_4009 -
cisco ncs_4016 -
cisco ncs_4201 -
cisco ncs_4202 -
cisco ncs_4206 -
cisco ncs_4216 -
cisco ncs_5001 -
cisco ncs_5002 -
cisco ncs_5011 -
cisco ncs_540 -
cisco ncs_5500 -
cisco ncs_5501 -
cisco ncs_5501 se
cisco ncs_5502 -
cisco ncs_5502 se
cisco ncs_5504 -
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_560 -
cisco ncs_560-4 -
cisco ncs_560-7 -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57c3-mods-sys -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F31C819-2725-4295-8FF3-BA00A7A6BE92",
              "versionEndExcluding": "7.10.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8208:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34DAD43-0C95-4830-8078-EFE3E6C0A930",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8212:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F5CBF0-7F55-44C0-B321-896BDBA22679",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8218:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D381E343-416F-42AF-A780-D330954F238F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8831:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2514A1-486C-40F7-8746-56E2B973CBE6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FEF8271-315F-4756-931F-015F790BE693",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9920:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E7ED87-8AC0-4107-A7A5-F334236E2906",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C5ECF8-EFFE-4C27-8DCB-2533BFD5200F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C23248-3D61-4BAF-9602-BA31FB4374DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4206:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36494B4-8E2D-4399-97B5-725792BD5C45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4216:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0819EF17-5102-45FF-96AD-85BE17FD6921",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:se:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FE69B4-DF27-46F1-8037-4B8D1F229C6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:se:*:*:*:*:*:*:*",
              "matchCriteriaId": "603980FE-9865-4A71-A37C-A90B7F3B72D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mods-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F06B5D-6CE8-42C3-8760-89B4EF1FFC21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funci\u00f3n de arranque iPXE del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado instale una imagen de software no verificada en un dispositivo afectado. Esta vulnerabilidad se debe a una verificaci\u00f3n de imagen insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad manipulando los par\u00e1metros de arranque para la verificaci\u00f3n de im\u00e1genes durante el proceso de arranque iPXE en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante iniciar una imagen de software no verificada en el dispositivo afectado."
    }
  ],
  "id": "CVE-2023-20236",
  "lastModified": "2024-11-21T07:40:57.700",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-13T17:15:09.607",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-03-12 16:15
Modified
2025-08-06 17:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
References
psirt@cisco.comhttps://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/Product
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvxVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr *
cisco ios_xr *
cisco ios_xr *
cisco ios_xr 24.4
cisco 8011-4g24y4h-i -
cisco 8101-32fh -
cisco 8101-32fh-o -
cisco 8101-32h-o -
cisco 8102-28fh-dpu-o -
cisco 8102-64h -
cisco 8102-64h-o -
cisco 8111-32eh-o -
cisco 8122-64eh-o -
cisco 8122-64ehf-o -
cisco 8201 -
cisco 8201-24h8fh -
cisco 8201-32fh -
cisco 8201-32fh-o -
cisco 8202 -
cisco 8202-32fh-m -
cisco 8212-48fh-m -
cisco 8404 -
cisco 8501-sys-mt -
cisco 8608 -
cisco 8700 -
cisco 8711-32fh-m -
cisco 8712-mod-m -
cisco 8804 -
cisco 8808 -
cisco 8812 -
cisco 8818 -
cisco ncs_1010 -
cisco ncs_1014 -
cisco ncs_540-12z20g-sys-a -
cisco ncs_540-12z20g-sys-d -
cisco ncs_540-24q2c2dd-sys -
cisco ncs_540-24q8l2dd-sys -
cisco ncs_540-24z8q2c-sys -
cisco ncs_540-28z4c-sys-a -
cisco ncs_540-28z4c-sys-d -
cisco ncs_540-6z14s-sys-d -
cisco ncs_540-6z18g-sys-a -
cisco ncs_540-6z18g-sys-d -
cisco ncs_540-acc-sys -
cisco ncs_540-fh-agg -
cisco ncs_540-fh-csr-sys -
cisco ncs_540x-12z16g-sys-a -
cisco ncs_540x-12z16g-sys-d -
cisco ncs_540x-16z4g8q2c-a -
cisco ncs_540x-16z4g8q2c-d -
cisco ncs_540x-16z8q2c-d -
cisco ncs_540x-4z14g2q-a -
cisco ncs_540x-4z14g2q-d -
cisco ncs_540x-6z18g-sys-a -
cisco ncs_540x-6z18g-sys-d -
cisco ncs_540x-8z16g-sys-a -
cisco ncs_540x-8z16g-sys-d -
cisco ncs_540x-acc-sys -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57d2-18dd-sys -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC4CBFD-BFB8-4D89-B5F7-3CBD156778A7",
              "versionEndExcluding": "7.11.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCAF5A0C-D731-4BE1-AAD8-88ADDB8A65DE",
              "versionEndExcluding": "24.2.2",
              "versionStartIncluding": "24.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9D6AD9-652C-491A-9B61-04691D82BBBE",
              "versionEndExcluding": "24.3.2",
              "versionStartIncluding": "24.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FCE9AC2-F70A-4B54-8B1C-8F28E4FB32D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D1123D-39F9-4D22-99CE-F28CA57FE191",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1014:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2E3F337-0CF5-456E-B313-DC3ED4BF9D9B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado omita la verificaci\u00f3n de la firma de la imagen de Cisco IOS XR e instale software no verificado en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener privilegios de administrador en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incompleta de los archivos durante el proceso de verificaci\u00f3n de arranque. Un atacante podr\u00eda explotarla manipulando las opciones de configuraci\u00f3n del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que podr\u00eda permitirle omitir el requisito de ejecutar im\u00e1genes firmadas por Cisco o alterar las propiedades de seguridad del sistema en ejecuci\u00f3n. Nota: Dado que la explotaci\u00f3n de esta vulnerabilidad podr\u00eda provocar que el atacante omita la verificaci\u00f3n de la imagen de Cisco, Cisco ha elevado la calificaci\u00f3n de impacto de seguridad (SIR) de este aviso de media a alta."
    }
  ],
  "id": "CVE-2025-20177",
  "lastModified": "2025-08-06T17:04:34.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:22.347",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Product"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-274"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-03-09 22:15
Modified
2024-11-21 07:40
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5FqVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5FqVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr *
cisco asr_9000v-v2 -
cisco asr_9001 -
cisco asr_9006 -
cisco asr_9010 -
cisco asr_9901 -
cisco asr_9902 -
cisco asr_9903 -
cisco asr_9904 -
cisco asr_9906 -
cisco asr_9910 -
cisco asr_9912 -
cisco asr_9922 -
cisco ios_xrv_9000 -
cisco ncs_1001 -
cisco ncs_1002 -
cisco ncs_1004 -
cisco ios_xr *
cisco nc57-18dd-se -
cisco nc57-24dd -
cisco nc57-36h-se -
cisco nc57-36h6d-s -
cisco ncs_540 -
cisco ncs_540_fronthaul -
cisco ncs_5501 -
cisco ncs_5501-se -
cisco ncs_5502 -
cisco ncs_5502-se -
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_560-4 -
cisco ncs_560-7 -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57c3-mods-sys -
cisco ios_xr *
cisco ncs_5001 -
cisco ncs_5002 -
cisco ncs_5011 -
cisco ios_xr *
cisco ncs_6000 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E6CEEB-0908-4884-A51E-000000DE5E92",
              "versionEndExcluding": "7.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "FAE7AE4D-73A6-4179-80DA-2219563928E1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "0FF7BDEE-8351-4CE3-BEAD-42C8767E0BF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "A5266F35-6886-4CF1-81DB-25626A0A26A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B25F4932-6940-4934-B110-577417B93948",
              "versionEndExcluding": "7.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nc57-18dd-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98728BD8-C11B-413D-8C8A-052661A608AA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nc57-24dd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71B61EB0-E121-4899-9504-269CE4E7E3EB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nc57-36h-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6811F99A-F96F-4B26-AF68-DC1A8C3B65E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nc57-36h6d-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "560B88A5-3716-43AB-A094-063293EF6509",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mods-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F06B5D-6CE8-42C3-8760-89B4EF1FFC21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3FBC1F6-F523-485A-A466-B6DBA15E6537",
              "versionEndExcluding": "7.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C15E168-11DA-4219-B689-78BC48935263",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device."
    }
  ],
  "id": "CVE-2023-20064",
  "lastModified": "2024-11-21T07:40:28.087",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-09T22:15:52.277",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}