CVSS 3.1 Score 5.8 of 10 (medium)


Published Sep 13, 2023
Updated: Jan 25, 2024
CWE ID 863
CWE ID 264


CVE-2023-20190 is a vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software. This vulnerability could allow an unauthenticated, remote attacker to bypass the protection offered by a configured ACL on an affected device. The vulnerability occurs due to incorrect destination address range encoding in the compression module of an ACL applied to an interface. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL, potentially allowing them to access trusted networks protected by the device. There are workarounds available to address this vulnerability. The affected products include various versions of Cisco IOS XR Software and SBBKUP, SBBKUQ, SBBKUR, SBBKUS, and other related products. The base severity of this vulnerability is rated as MEDIUM with a base score of 5.8 out of 10 according to CVSS:3.1 standards.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-20190 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options