CVE-2025-20339
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-09-24
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | sd-wan_vedge_software | 20.9.7 |
| cisco | sd-wan_vedge_software | 20.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the access control list (ACL) processing of IPv4 packets in Cisco SD-WAN vEdge Software. It allows an unauthenticated, remote attacker to bypass a configured ACL because the implicit deny all rule at the end of the ACL is not properly enforced. An attacker can exploit this by sending unauthorized traffic to an interface on the affected device, effectively bypassing the ACL restrictions.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to bypass ACLs on affected Cisco SD-WAN vEdge devices, potentially enabling unauthorized access or traffic through the network. This could lead to security breaches where unauthorized data or commands are sent or received, compromising network integrity and security.