CVE-2023-20190

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description A vulnerability in the classic access control list (ACL) compression feature could allow an unauthenticated, remote attacker to bypass the protection offered by a configured ACL on an affected device. This is due to incorrect destination address range encoding in the compression module of an ACL applied to an interface of an affected device. An attacker could exploit this by sending traffic through the affected device that should be denied by the configured ACL, potentially allowing access to trusted networks.

Recommendations There are workarounds that address this vulnerability. Cisco has released software updates that address this vulnerability. As a temporary workaround, consider disabling the ACL compression feature until a patch is available. Restrict access to the affected device to minimize the risk of exploitation. Avoid using the affected ACL configurations until the issue is resolved.