Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication .
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
权限、特权和访问控制
Vulnerability Title
Cisco IOS XR 安全漏洞
Vulnerability Description
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XR 存在安全漏洞,该漏洞源于经典访问控制列表(ACL)压缩功能中存在安全漏洞,允许未经身份验证的攻击者绕过受影响设备上配置的ACL保护。
CVSS Information
N/A
Vulnerability Type
N/A