Vulnslist

Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability

Advisory ID: cisco-sa-defaultacl-pSJk9nVF · Severity: Medium

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-defaultacl-pSJk9nVF

Workarounds

There is a workaround that addresses this vulnerability. Administrators should determine which ACL best suits their needs and then configure that single ACL type on the interface.

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
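To make the described failure mode concrete, the following is an added Python model of first-match ACL evaluation; it is illustrative code written for this page, not Cisco's or vEdge's implementation, and the Rule/Packet types, the sample ACL and the documentation-range addresses are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "accept" or "drop"
    src: str              # source prefix, e.g. "10.0.0.0/24"
    dst: str              # destination prefix
    dport: Optional[int]  # destination port; None matches any port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet's addresses and port fall inside the rule."""
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(acl: List[Rule], pkt: Packet, implicit_deny: bool = True) -> str:
    """First match wins. With implicit_deny=True, traffic matching no rule is
    dropped, as a correctly enforced ACL behaves. implicit_deny=False models
    the advisory's failure mode: the terminal deny is not enforced."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "drop" if implicit_deny else "accept"

def relies_on_implicit_deny(acl: List[Rule], packets: List[Packet]) -> List[Packet]:
    """Packets matching no explicit rule: their fate rests on the implicit
    deny, so these are the flows to verify before and after remediation."""
    return [p for p in packets if not any(matches(r, p) for r in acl)]

# Constructed sample: permit SSH to the device from one management prefix,
# explicitly drop telnet from anywhere, leave everything else to the
# implicit deny. Addresses are documentation ranges, not real hosts.
ACL = [
    Rule("accept", "10.0.0.0/24", "192.0.2.1/32", 22),
    Rule("drop", "0.0.0.0/0", "192.0.2.1/32", 23),
]
PACKETS = [
    Packet("10.0.0.5", "192.0.2.1", 22),      # permitted by rule 1
    Packet("198.51.100.7", "192.0.2.1", 23),  # dropped by rule 2
    Packet("198.51.100.7", "192.0.2.1", 22),  # matches no rule
]
```

Only the third packet changes outcome between the two evaluators, which is why unmatched flows are the ones worth testing against an affected device.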

CVEs: CVE-2025-20339
Cisco Bug IDs: CSCwo83136
CVSS Score: Base 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco SD-WAN vEdge Router, Cisco SD-WAN vEdge Cloud

Related Products

Product                            CVE             Evidence
Cisco vEdge Routers                CVE-2025-20339  Cisco OpenVuln
Cisco SD-WAN                       CVE-2025-20339  Cisco OpenVuln
Cisco Nexus Dashboard              CVE-2025-20339  Cisco OpenVuln
Cisco Catalyst SD-WAN Software     CVE-2025-20339  Cisco OpenVuln
Cisco SD-WAN vEdge Router          CVE-2025-20339  Cisco OpenVuln
Cisco SD-WAN vEdge Cloud           CVE-2025-20339  Cisco OpenVuln