CVE-2025-20159
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features.
This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco IOS XR Software | 6.6.1 | affected |
| Cisco | Cisco IOS XR Software | 6.5.3 | affected |
| Cisco | Cisco IOS XR Software | 7.0.1 | affected |
| Cisco | Cisco IOS XR Software | 6.6.11 | affected |
| Cisco | Cisco IOS XR Software | 6.5.1 | affected |
| Cisco | Cisco IOS XR Software | 6.5.2 | affected |
| Cisco | Cisco IOS XR Software | 6.6.2 | affected |
| Cisco | Cisco IOS XR Software | 6.6.12 | affected |
| Cisco | Cisco IOS XR Software | 6.6.25 | affected |
| Cisco | Cisco IOS XR Software | 7.1.1 | affected |
| Cisco | Cisco IOS XR Software | 7.0.90 | affected |
| Cisco | Cisco IOS XR Software | 6.6.3 | affected |
| Cisco | Cisco IOS XR Software | 7.0.2 | affected |
| Cisco | Cisco IOS XR Software | 7.1.2 | affected |
| Cisco | Cisco IOS XR Software | 7.2.1 | affected |
| Cisco | Cisco IOS XR Software | 7.0.11 | affected |
| Cisco | Cisco IOS XR Software | 7.0.12 | affected |
| Cisco | Cisco IOS XR Software | 7.0.14 | affected |
| Cisco | Cisco IOS XR Software | 6.6.4 | affected |
| Cisco | Cisco IOS XR Software | 7.2.12 | affected |
| Cisco | Cisco IOS XR Software | 7.3.1 | affected |
| Cisco | Cisco IOS XR Software | 7.4.1 | affected |
| Cisco | Cisco IOS XR Software | 7.2.2 | affected |
| Cisco | Cisco IOS XR Software | 7.3.15 | affected |
| Cisco | Cisco IOS XR Software | 7.3.16 | affected |
| Cisco | Cisco IOS XR Software | 7.4.15 | affected |
| Cisco | Cisco IOS XR Software | 7.3.2 | affected |
| Cisco | Cisco IOS XR Software | 7.5.1 | affected |
| Cisco | Cisco IOS XR Software | 7.4.16 | affected |
| Cisco | Cisco IOS XR Software | 7.3.27 | affected |
| Cisco | Cisco IOS XR Software | 7.6.1 | affected |
| Cisco | Cisco IOS XR Software | 7.5.2 | affected |
| Cisco | Cisco IOS XR Software | 7.8.1 | affected |
| Cisco | Cisco IOS XR Software | 7.6.15 | affected |
| Cisco | Cisco IOS XR Software | 7.5.12 | affected |
| Cisco | Cisco IOS XR Software | 7.8.12 | affected |
| Cisco | Cisco IOS XR Software | 7.3.4 | affected |
| Cisco | Cisco IOS XR Software | 7.3.3 | affected |
| Cisco | Cisco IOS XR Software | 7.4.2 | affected |
| Cisco | Cisco IOS XR Software | 7.7.1 | affected |
| Cisco | Cisco IOS XR Software | 7.6.2 | affected |
| Cisco | Cisco IOS XR Software | 7.5.3 | affected |
| Cisco | Cisco IOS XR Software | 7.7.2 | affected |
| Cisco | Cisco IOS XR Software | 7.9.1 | affected |
| Cisco | Cisco IOS XR Software | 7.10.1 | affected |
| Cisco | Cisco IOS XR Software | 7.8.2 | affected |
| Cisco | Cisco IOS XR Software | 7.5.4 | affected |
| Cisco | Cisco IOS XR Software | 7.8.22 | affected |
| Cisco | Cisco IOS XR Software | 7.7.21 | affected |
| Cisco | Cisco IOS XR Software | 7.9.2 | affected |
| Cisco | Cisco IOS XR Software | 7.3.5 | affected |
| Cisco | Cisco IOS XR Software | 7.5.5 | affected |
| Cisco | Cisco IOS XR Software | 7.11.1 | affected |
| Cisco | Cisco IOS XR Software | 7.10.2 | affected |
| Cisco | Cisco IOS XR Software | 24.1.1 | affected |
| Cisco | Cisco IOS XR Software | 7.3.6 | affected |
| Cisco | Cisco IOS XR Software | 7.5.52 | affected |
| Cisco | Cisco IOS XR Software | 7.11.2 | affected |
| Cisco | Cisco IOS XR Software | 24.2.1 | affected |
| Cisco | Cisco IOS XR Software | 24.1.2 | affected |
| Cisco | Cisco IOS XR Software | 24.2.11 | affected |
| Cisco | Cisco IOS XR Software | 24.3.1 | affected |
| Cisco | Cisco IOS XR Software | 24.4.1 | affected |
| Cisco | Cisco IOS XR Software | 24.2.2 | affected |
| Cisco | Cisco IOS XR Software | 7.11.21 | affected |
| Cisco | Cisco IOS XR Software | 24.2.20 | affected |
| Cisco | Cisco IOS XR Software | 24.3.2 | affected |
| Cisco | Cisco IOS XR Software | 25.1.1 | affected |
| Cisco | Cisco IOS XR Software | 24.4.2 | affected |
| Cisco | Cisco IOS XR Software | 24.3.20 | affected |
| Cisco | Cisco IOS XR Software | 25.1.2 | affected |
| Cisco | Cisco IOS XR Software | 24.3.30 | affected |
| Cisco | Cisco IOS XR Software | 24.4.30 | affected |
| Cisco | Cisco IOS XR Software | 24.2.21 | affected |
Weaknesses
- CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.