CVE-2025-20137
4.7
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: psirt@cisco.com (Secondary)
Description
A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.
Affected (35)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 15.2(5a)e |
| Running on/with | Platform Versions |
|---|---|
Cisco Catalyst 1000 16fp 2g L | All versions |
Cisco Catalyst 1000 16p 2g L | All versions |
Cisco Catalyst 1000 16t 2g L | All versions |
Cisco Catalyst 1000 16t E 2g L | All versions |
Cisco Catalyst 1000 24fp 4g L | All versions |
Cisco Catalyst 1000 24fp 4x L | All versions |
Cisco Catalyst 1000 24p 4g L | All versions |
Cisco Catalyst 1000 24p 4x L | All versions |
Cisco Catalyst 1000 24pp 4g L | All versions |
Cisco Catalyst 1000 24t 4g L | All versions |
Cisco Catalyst 1000 24t 4x L | All versions |
Cisco Catalyst 1000 48fp 4g L | All versions |
Cisco Catalyst 1000 48fp 4x L | All versions |
Cisco Catalyst 1000 48p 4g L | All versions |
Cisco Catalyst 1000 48p 4x L | All versions |
Cisco Catalyst 1000 48pp 4g L | All versions |
Cisco Catalyst 1000 48t 4g L | All versions |
Cisco Catalyst 1000 48t 4x L | All versions |
Cisco Catalyst 1000 8fp 2g L | All versions |
Cisco Catalyst 1000 8fp E 2g L | All versions |
Cisco Catalyst 1000 8p 2g L | All versions |
Cisco Catalyst 1000 8p E 2g L | All versions |
Cisco Catalyst 1000 8t 2g L | All versions |
Cisco Catalyst 1000 8t E 2g L | All versions |
Cisco Catalyst 1000fe 24p 4g L | All versions |
Cisco Catalyst 1000fe 24t 4g L | All versions |
Cisco Catalyst 1000fe 48p 4g L | All versions |
Cisco Catalyst 1000fe 48t 4g L | All versions |
Cisco Catalyst 2960l 16ps Ll | All versions |
Cisco Catalyst 2960l 16ts Ll | All versions |
Cisco Catalyst 2960l 24pq Ll | All versions |
Cisco Catalyst 2960l 24ps Ll | All versions |
Cisco Catalyst 2960l 24tq Ll | All versions |
Cisco Catalyst 2960l 24ts Ll | All versions |
Cisco Catalyst 2960l 48pq Ll | All versions |
Cisco Catalyst 2960l 48ps Ll | All versions |
Cisco Catalyst 2960l 48tq Ll | All versions |
Cisco Catalyst 2960l 48ts Ll | All versions |
Cisco Catalyst 2960l 8ps Ll | All versions |
Cisco Catalyst 2960l 8ts Ll | All versions |
References (1)
Source: psirt@cisco.com
Vendor Advisory
Timeline
No history available yet.