CVE-2025-20339 | THREATINT

Description

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

PUBLISHED Reserved 2024-10-10 | Published 2025-09-24 | Updated 2025-09-24 | Assigner cisco

MEDIUM: 5.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem types

Improper Access Control

Product status

Default status

unknown

20.9.1

affected

20.9.1.1

affected

20.9.2

affected

20.9.3

affected

20.9.3.1

affected

20.9.2.2

affected

20.9.2.3

affected

20.9.4

affected

20.9.5

affected

20.9.5.1

affected

20.9.6

affected

20.9.5.3

affected

Default status

unknown

20.3.1

affected

20.3.2

affected

20.4.1

affected

20.4.1.1

affected

20.3.3

affected

20.4.1.2

affected

20.4.2

affected

20.3.4

affected

20.3.5

affected

20.9.1

affected

20.3.6

affected

20.9.2

affected

20.3.7

affected

20.9.3

affected

20.3.3.2

affected

20.3.4.3

affected

20.9.3.1

affected

20.3.7.1

affected

20.3.5.1

affected

20.4.2.3

affected

20.9.2.2

affected

20.3.7.2

affected

20.9.2.3

affected

20.9.4

affected

20.12.1

affected

20.3.8

affected

20.9.4.1777

affected

20.9.5

affected

20.9.5.1

affected

20.12.3.1

affected

20.9.6

affected

20.9.5.3

affected

References

sec.cloudapps.cisco.com/...sory/cisco-sa-defaultacl-pSJk9nVF (cisco-sa-defaultacl-pSJk9nVF)

cve.org (CVE-2025-20339)

nvd.nist.gov (CVE-2025-20339)

Download JSON