Cisco SD-WAN Software Packet Filtering Bypass Vulnerability
Description
A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco SD-WAN Software contains a packet filtering bypass vulnerability allowing unauthenticated remote attackers to inject arbitrary packets.
Vulnerability
The vulnerability resides in the packet filtering features of Cisco SD-WAN Software, specifically in Cisco IOS XE Software releases 17.2.1r and later running in Controller mode. It is due to improper traffic filtering conditions on an affected device, allowing an attacker to bypass L3 and L4 traffic filters [1].
Exploitation
An unauthenticated, remote attacker can exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. No authentication or user interaction is required [1].
Impact
Successful exploitation allows the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network, potentially compromising network integrity. The CVSS score is 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N), indicating a low integrity impact with no confidentiality or availability impact [1].
Mitigation
Cisco has released software updates to address this vulnerability; refer to the Cisco Security Advisory [1] for the fixed releases. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Cisco/Cisco SD-WAN Solution, v5, Range: n/a
Patches (0)
No patches discovered yet.
References (1)
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4 (mitre, vendor-advisory, x_refsource_CISCO)