CVE-2023-20190

Summary

CVE-2023-20190 is a vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software. This vulnerability could allow an unauthenticated, remote attacker to bypass the protection offered by a configured ACL on an affected device. The vulnerability occurs due to incorrect destination address range encoding in the compression module of an ACL applied to an interface. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL, potentially allowing them to access trusted networks protected by the device. There are workarounds available to address this vulnerability. The affected products include various versions of Cisco IOS XR Software and SBBKUP, SBBKUQ, SBBKUR, SBBKUS, and other related products. The base severity of this vulnerability is rated as MEDIUM with a base score of 5.8 out of 10 according to CVSS:3.1 standards.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.