Access Control Bypass Vulnerability in Cisco IOS XR Software
CVE-2023-20190
5.3 MEDIUM
Summary
A flaw in the access control list (ACL) compression feature of Cisco IOS XR Software allows unauthenticated remote attackers to bypass the ACL protections configured on an affected device. The issue arises from incorrect encoding of destination address ranges in the ACL compression module. Attackers could exploit it by sending traffic through the device that the configured ACL should deny, gaining unauthorized access to trusted networks secured by the affected device. Cisco has provided workarounds to mitigate this vulnerability.
Affected Version(s)
Cisco IOS XR Software 5.2.0
Cisco IOS XR Software 5.2.1
Cisco IOS XR Software 5.2.2
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved