CVE-2025-20339

Summary

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL.

This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco SD-WAN vEdge Cloud20.9.1affected
CiscoCisco SD-WAN vEdge Cloud20.9.1.1affected
CiscoCisco SD-WAN vEdge Cloud20.9.2affected
CiscoCisco SD-WAN vEdge Cloud20.9.3affected
CiscoCisco SD-WAN vEdge Cloud20.9.3.1affected
CiscoCisco SD-WAN vEdge Cloud20.9.2.2affected
CiscoCisco SD-WAN vEdge Cloud20.9.2.3affected
CiscoCisco SD-WAN vEdge Cloud20.9.4affected
CiscoCisco SD-WAN vEdge Cloud20.9.5affected
CiscoCisco SD-WAN vEdge Cloud20.9.5.1affected
CiscoCisco SD-WAN vEdge Cloud20.9.6affected
CiscoCisco SD-WAN vEdge Cloud20.9.5.3affected
CiscoCisco SD-WAN vEdge Router20.3.1affected
CiscoCisco SD-WAN vEdge Router20.3.2affected
CiscoCisco SD-WAN vEdge Router20.4.1affected
CiscoCisco SD-WAN vEdge Router20.4.1.1affected
CiscoCisco SD-WAN vEdge Router20.3.3affected
CiscoCisco SD-WAN vEdge Router20.4.1.2affected
CiscoCisco SD-WAN vEdge Router20.4.2affected
CiscoCisco SD-WAN vEdge Router20.3.4affected
CiscoCisco SD-WAN vEdge Router20.3.5affected
CiscoCisco SD-WAN vEdge Router20.9.1affected
CiscoCisco SD-WAN vEdge Router20.3.6affected
CiscoCisco SD-WAN vEdge Router20.9.2affected
CiscoCisco SD-WAN vEdge Router20.3.7affected
CiscoCisco SD-WAN vEdge Router20.9.3affected
CiscoCisco SD-WAN vEdge Router20.3.3.2affected
CiscoCisco SD-WAN vEdge Router20.3.4.3affected
CiscoCisco SD-WAN vEdge Router20.9.3.1affected
CiscoCisco SD-WAN vEdge Router20.3.7.1affected
CiscoCisco SD-WAN vEdge Router20.3.5.1affected
CiscoCisco SD-WAN vEdge Router20.4.2.3affected
CiscoCisco SD-WAN vEdge Router20.9.2.2affected
CiscoCisco SD-WAN vEdge Router20.3.7.2affected
CiscoCisco SD-WAN vEdge Router20.9.2.3affected
CiscoCisco SD-WAN vEdge Router20.9.4affected
CiscoCisco SD-WAN vEdge Router20.12.1affected
CiscoCisco SD-WAN vEdge Router20.3.8affected
CiscoCisco SD-WAN vEdge Router20.9.4.1777affected
CiscoCisco SD-WAN vEdge Router20.9.5affected
CiscoCisco SD-WAN vEdge Router20.9.5.1affected
CiscoCisco SD-WAN vEdge Router20.12.3.1affected
CiscoCisco SD-WAN vEdge Router20.9.6affected
CiscoCisco SD-WAN vEdge Router20.9.5.3affected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References