ios_xr 安全漏洞 (CVE-2023-20190)
CVE编号
CVE-2023-20190利用情况
暂无补丁情况
N/A披露时间
2022-10-27漏洞描述
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication .解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ios_xr | * | Up to (excluding) 7.3.5 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ios_xr | * | From (including) 7.5 | Up to (excluding) 7.5.4 | ||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ios_xr | * | From (including) 7.6 | Up to (excluding) 7.8.2 | ||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ios_xr | 7.9 | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 无
- 保密性 无
- 完整性 低
| CWE-ID | 漏洞类型 |
| CWE-863 | 授权机制不正确 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论