CVE-2020-3364

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface.

Published: Jun 18, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3364
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
cisco / ios_xr	7.1.1	7.1.1.x
cisco / ios_xr	7.0.2	7.0.2.x
cisco / ios_xr	7.0.11	7.0.11.x
cisco / ios_xr	7.0.12	7.0.12.x
cisco / ios_xr	7.1.15	7.1.15.x
cisco / ios_xr	6.7.1	6.7.1.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xracl-zbWSWREt

Vulnerability Database

289,599

CVE-2020-3364