Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-0553
Vulnerability from csaf_certbund
Published
2025-03-12 23:00
Modified
2025-03-12 23:00
Summary
Cisco IOS XR: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das für Cisco Geräte wie z. B. Router und Switches eingesetzt wird.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Cisco IOS XR ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, erhöhte Rechte zu erlangen, beliebigen Code auszuführen und Daten zu manipulieren.
Betroffene Betriebssysteme
- CISCO Appliance
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das f\u00fcr Cisco Ger\u00e4te wie z. B. Router und Switches eingesetzt wird.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Cisco IOS XR ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, erh\u00f6hte Rechte zu erlangen, beliebigen Code auszuf\u00fchren und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- CISCO Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0553 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0553.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0553 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0553"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-iosxr-bgp-dos-O7stePhX vom 2025-03-12",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-iosxr-priv-esc-GFQjxvOF vom 2025-03-12",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-xr792-bWfVDPY vom 2025-03-12",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-sb-lkm-zNErZjbZ vom 2025-03-12",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-ncs-hybridacl-crMZFfKQ vom 2025-03-12",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-modular-ACL-u5MEPXMm vom 2025-03-12",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-ios-xr-verii-bypass-HhPwQRvx vom 2025-03-12",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-xrike-9wYGpRGq vom 2025-03-12",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq"
}
],
"source_lang": "en-US",
"title": "Cisco IOS XR: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-12T23:00:00.000+00:00",
"generator": {
"date": "2025-03-13T12:14:16.053+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0553",
"initial_release_date": "2025-03-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.11.2",
"product": {
"name": "Cisco IOS XR \u003c7.11.2",
"product_id": "T041868"
}
},
{
"category": "product_version",
"name": "7.11.2",
"product": {
"name": "Cisco IOS XR 7.11.2",
"product_id": "T041868-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:7.11.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.2.21",
"product": {
"name": "Cisco IOS XR \u003c24.2.21",
"product_id": "T041869"
}
},
{
"category": "product_version",
"name": "24.2.21",
"product": {
"name": "Cisco IOS XR 24.2.21",
"product_id": "T041869-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:24.2.21"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.3.1",
"product": {
"name": "Cisco IOS XR \u003c24.3.1",
"product_id": "T041870"
}
},
{
"category": "product_version",
"name": "24.3.1",
"product": {
"name": "Cisco IOS XR 24.3.1",
"product_id": "T041870-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:24.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.9.1",
"product": {
"name": "Cisco IOS XR \u003c7.9.1",
"product_id": "T041871"
}
},
{
"category": "product_version",
"name": "7.9.1",
"product": {
"name": "Cisco IOS XR 7.9.1",
"product_id": "T041871-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:7.9.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c25.1.1",
"product": {
"name": "Cisco IOS XR \u003c25.1.1",
"product_id": "T041872"
}
},
{
"category": "product_version",
"name": "25.1.1",
"product": {
"name": "Cisco IOS XR 25.1.1",
"product_id": "T041872-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:25.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.11.21",
"product": {
"name": "Cisco IOS XR \u003c7.11.21",
"product_id": "T041873"
}
},
{
"category": "product_version",
"name": "7.11.21",
"product": {
"name": "Cisco IOS XR 7.11.21",
"product_id": "T041873-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:7.11.21"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.2.2",
"product": {
"name": "Cisco IOS XR \u003c24.2.2",
"product_id": "T041874"
}
},
{
"category": "product_version",
"name": "24.2.2",
"product": {
"name": "Cisco IOS XR 24.2.2",
"product_id": "T041874-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:24.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.3.2",
"product": {
"name": "Cisco IOS XR \u003c24.3.2",
"product_id": "T041875"
}
},
{
"category": "product_version",
"name": "24.3.2",
"product": {
"name": "Cisco IOS XR 24.3.2",
"product_id": "T041875-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:24.3.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.4.1",
"product": {
"name": "Cisco IOS XR \u003c24.4.1",
"product_id": "T041876"
}
},
{
"category": "product_version",
"name": "24.4.1",
"product": {
"name": "Cisco IOS XR 24.4.1",
"product_id": "T041876-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:24.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.4",
"product": {
"name": "Cisco IOS XR \u003c24.4",
"product_id": "T041881"
}
},
{
"category": "product_version",
"name": "24.4",
"product": {
"name": "Cisco IOS XR 24.4",
"product_id": "T041881-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:24.4"
}
}
},
{
"category": "product_version",
"name": "7.9.2",
"product": {
"name": "Cisco IOS XR 7.9.2",
"product_id": "T041886",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:7.9.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.9.3",
"product": {
"name": "Cisco IOS XR \u003c7.9.3",
"product_id": "T041888"
}
},
{
"category": "product_version",
"name": "7.9.3",
"product": {
"name": "Cisco IOS XR 7.9.3",
"product_id": "T041888-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:ios_xr:7.9.3"
}
}
}
],
"category": "product_name",
"name": "IOS XR"
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-20138",
"product_status": {
"known_affected": [
"T041869",
"T041868",
"T041888",
"T041875",
"T041886",
"T041874",
"T041873",
"T041872",
"T041871",
"T041870"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-20138"
},
{
"cve": "CVE-2025-20115",
"product_status": {
"known_affected": [
"T041869",
"T041868",
"T041888",
"T041874",
"T041873",
"T041870"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-20115"
},
{
"cve": "CVE-2025-20141",
"product_status": {
"known_affected": [
"T041888",
"T041886"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-20141"
},
{
"cve": "CVE-2025-20143",
"product_status": {
"known_affected": [
"T041871"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-20143"
},
{
"cve": "CVE-2025-20144",
"product_status": {
"known_affected": [
"T041868",
"T041888",
"T041886",
"T041871"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-20144"
},
{
"cve": "CVE-2025-20145",
"product_status": {
"known_affected": [
"T041868",
"T041888",
"T041876",
"T041886",
"T041874",
"T041873",
"T041871",
"T041881"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-20145"
},
{
"cve": "CVE-2025-20177",
"product_status": {
"known_affected": [
"T041868",
"T041888",
"T041876",
"T041886",
"T041875",
"T041874",
"T041873",
"T041871",
"T041870",
"T041881"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-20177"
},
{
"cve": "CVE-2025-20209",
"product_status": {
"known_affected": [
"T041868",
"T041888",
"T041886",
"T041874",
"T041873",
"T041871"
]
},
"release_date": "2025-03-12T23:00:00.000+00:00",
"title": "CVE-2025-20209"
}
]
}
CVE-2025-20209 (GCVE-0-2025-20209)
Vulnerability from cvelistv5
Published
2025-03-12 16:13
Modified
2025-03-12 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.
This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.6.1 Version: 6.5.2 Version: 6.6.2 Version: 6.5.1 Version: 7.0.1 Version: 6.6.25 Version: 7.0.0 Version: 7.1.1 Version: 6.6.3 Version: 7.0.2 Version: 7.2.0 Version: 7.1.2 Version: 7.2.1 Version: 7.3.1 Version: 7.4.1 Version: 7.2.2 Version: 7.3.2 Version: 7.5.1 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.7.1 Version: 7.4.2 Version: 7.6.2 Version: 7.8.1 Version: 7.7.2 Version: 7.9.1 Version: 7.8.2 Version: 7.8.22 Version: 7.10.1 Version: 7.7.21 Version: 7.9.2 Version: 7.11.1 Version: 7.10.2 Version: 24.1.1 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T17:50:42.688446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T17:51:32.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:13:12.340Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-xrike-9wYGpRGq",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-xrike-9wYGpRGq",
"defects": [
"CSCwk64612"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20209",
"datePublished": "2025-03-12T16:13:12.340Z",
"dateReserved": "2024-10-10T19:15:13.231Z",
"dateUpdated": "2025-03-12T17:51:32.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20145 (GCVE-0-2025-20145)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-21 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-264 - Permissions, Privileges, and Access Control
Summary
A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device.
For more information about this vulnerability, see the section of this advisory.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.2 Version: 6.5.92 Version: 6.5.1 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.6.1 Version: 6.5.93 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 7.0.2 Version: 7.2.1 Version: 7.1.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 6.6.4 Version: 7.2.12 Version: 7.3.1 Version: 7.4.1 Version: 7.2.2 Version: 7.3.15 Version: 7.3.16 Version: 7.3.2 Version: 7.5.1 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.5.12 Version: 7.7.1 Version: 7.3.3 Version: 7.4.2 Version: 7.3.4 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.10.2 Version: 24.1.1 Version: 7.3.6 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 Version: 24.3.1 Version: 24.4.1 Version: 24.2.2 Version: 7.11.21 Version: 24.2.20 Version: 24.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:32:16.967308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:32:32.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.3.1"
},
{
"status": "affected",
"version": "24.4.1"
},
{
"status": "affected",
"version": "24.2.2"
},
{
"status": "affected",
"version": "7.11.21"
},
{
"status": "affected",
"version": "24.2.20"
},
{
"status": "affected",
"version": "24.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device.\r\nFor more information about this vulnerability, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "Permissions, Privileges, and Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:12:48.668Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-modular-ACL-u5MEPXMm",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-modular-ACL-u5MEPXMm",
"defects": [
"CSCwk63613"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Access Control List Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20145",
"datePublished": "2025-03-12T16:12:48.668Z",
"dateReserved": "2024-10-10T19:15:13.215Z",
"dateUpdated": "2025-03-21T20:32:32.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20177 (GCVE-0-2025-20177)
Vulnerability from cvelistv5
Published
2025-03-12 16:13
Modified
2025-03-14 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-274 - Improper Handling of Insufficient Privileges
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.
This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.
Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.0.1 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.7.1 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 6.7.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 7.1.25 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 6.7.3 Version: 7.4.1 Version: 7.2.2 Version: 6.7.4 Version: 7.3.15 Version: 7.3.16 Version: 6.8.1 Version: 7.4.15 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.3.3 Version: 7.7.1 Version: 6.8.2 Version: 7.3.4 Version: 7.4.2 Version: 6.7.35 Version: 6.9.1 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 Version: 24.3.1 Version: 7.8.23 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T03:55:23.530580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:31:19.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.3.1"
},
{
"status": "affected",
"version": "7.8.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-274",
"description": "Improper Handling of Insufficient Privileges",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:13:04.362Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
"defects": [
"CSCwk67262"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Image Verification Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20177",
"datePublished": "2025-03-12T16:13:04.362Z",
"dateReserved": "2024-10-10T19:15:13.220Z",
"dateUpdated": "2025-03-14T15:31:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20141 (GCVE-0-2025-20141)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-21 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.
This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.9.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:35:07.856911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:35:20.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:12:15.494Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-xr792-bWfVDPY",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-xr792-bWfVDPY",
"defects": [
"CSCwf89955"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20141",
"datePublished": "2025-03-12T16:12:15.494Z",
"dateReserved": "2024-10-10T19:15:13.214Z",
"dateUpdated": "2025-03-21T20:35:20.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20144 (GCVE-0-2025-20144)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-21 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.
For more information, see the section of this advisory.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.2 Version: 6.5.92 Version: 6.5.1 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.6.1 Version: 6.5.93 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 7.0.2 Version: 7.2.1 Version: 7.1.2 Version: 6.6.4 Version: 7.3.1 Version: 7.4.1 Version: 7.2.2 Version: 7.3.2 Version: 7.5.1 Version: 7.6.1 Version: 7.5.2 Version: 7.7.1 Version: 7.3.3 Version: 7.4.2 Version: 7.3.4 Version: 7.6.2 Version: 7.8.1 Version: 7.5.3 Version: 7.7.2 Version: 7.9.1 Version: 7.8.2 Version: 7.5.4 Version: 7.8.22 Version: 7.10.1 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.10.2 Version: 7.3.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:33:04.758400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:33:28.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "7.3.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:12:39.882Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ncs-hybridacl-crMZFfKQ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-ncs-hybridacl-crMZFfKQ",
"defects": [
"CSCwi49569"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Access Control List Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20144",
"datePublished": "2025-03-12T16:12:39.882Z",
"dateReserved": "2024-10-10T19:15:13.215Z",
"dateUpdated": "2025-03-21T20:33:28.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20115 (GCVE-0-2025-20115)
Vulnerability from cvelistv5
Published
2025-03-12 16:11
Modified
2025-03-21 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.29 Version: 6.5.1 Version: 6.6.1 Version: 6.5.2 Version: 6.5.92 Version: 6.5.15 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.5.26 Version: 6.6.11 Version: 6.5.25 Version: 6.5.28 Version: 6.5.93 Version: 6.6.12 Version: 6.5.90 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 6.7.1 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 6.7.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 7.1.25 Version: 6.6.4 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 6.7.3 Version: 7.4.1 Version: 7.2.2 Version: 6.7.4 Version: 6.5.31 Version: 7.3.15 Version: 7.3.16 Version: 6.8.1 Version: 7.4.15 Version: 6.5.32 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.8.12 Version: 7.3.3 Version: 7.7.1 Version: 6.8.2 Version: 7.3.4 Version: 7.4.2 Version: 6.7.35 Version: 6.9.1 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 6.5.33 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.5.52 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 Version: 24.2.2 Version: 7.8.23 Version: 7.11.21 Version: 24.2.20 Version: 6.5.35 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:35:39.499211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:35:55.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.26"
},
{
"status": "affected",
"version": "6.6.11"
},
{
"status": "affected",
"version": "6.5.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "6.5.31"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "6.5.32"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.8.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "6.5.33"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.5.52"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.2.2"
},
{
"status": "affected",
"version": "7.8.23"
},
{
"status": "affected",
"version": "7.11.21"
},
{
"status": "affected",
"version": "24.2.20"
},
{
"status": "affected",
"version": "6.5.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in confederation implementation for the Border Gateway Protocol (BGP)\u0026nbsp;in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware of a public announcement about this issue. This announcement is not specific to Cisco IOS XR Software and can be found at .\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:11:58.731Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-bgp-dos-O7stePhX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-iosxr-bgp-dos-O7stePhX",
"defects": [
"CSCwk15887"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20115",
"datePublished": "2025-03-12T16:11:58.731Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-03-21T20:35:55.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20143 (GCVE-0-2025-20143)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-14 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.
This vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.
Note: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.2 Version: 6.5.92 Version: 6.5.1 Version: 6.5.15 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.6.1 Version: 6.6.11 Version: 6.5.93 Version: 6.6.12 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 6.7.1 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 6.7.2 Version: 7.1.25 Version: 6.6.4 Version: 7.3.1 Version: 7.1.3 Version: 6.7.3 Version: 7.4.1 Version: 7.2.2 Version: 6.8.1 Version: 7.4.15 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.6.15 Version: 7.3.3 Version: 7.7.1 Version: 6.8.2 Version: 7.4.2 Version: 7.3.4 Version: 6.7.35 Version: 6.9.1 Version: 7.6.2 Version: 7.8.1 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.8.2 Version: 7.5.4 Version: 7.8.22 Version: 7.7.21 Version: 7.3.5 Version: 7.5.5 Version: 7.3.6 Version: 7.8.23 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T03:55:22.156936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:31:09.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.6.11"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.8.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:12:31.135Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-lkm-zNErZjbZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-sb-lkm-zNErZjbZ",
"defects": [
"CSCvx66790"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Secure Boot Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20143",
"datePublished": "2025-03-12T16:12:31.135Z",
"dateReserved": "2024-10-10T19:15:13.215Z",
"dateUpdated": "2025-03-14T15:31:09.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20138 (GCVE-0-2025-20138)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-14 15:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.29 Version: 6.5.1 Version: 6.6.1 Version: 6.5.2 Version: 6.5.92 Version: 6.5.15 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.5.26 Version: 6.6.11 Version: 6.5.25 Version: 6.5.28 Version: 6.5.93 Version: 6.6.12 Version: 6.5.90 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 7.0.11 Version: 7.0.12 Version: 6.7.2 Version: 7.0.14 Version: 7.1.25 Version: 6.6.4 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 7.4.1 Version: 7.2.2 Version: 6.7.4 Version: 6.5.31 Version: 7.3.15 Version: 7.3.16 Version: 7.4.15 Version: 6.5.32 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.8.12 Version: 7.3.3 Version: 7.7.1 Version: 7.3.4 Version: 7.4.2 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 6.5.33 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.5.52 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 Version: 24.3.1 Version: 24.2.2 Version: 7.8.23 Version: 7.11.21 Version: 24.2.20 Version: 24.3.2 Version: 24.4.10 Version: 6.5.35 Version: 24.3.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T03:55:20.825665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:30:58.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.26"
},
{
"status": "affected",
"version": "6.6.11"
},
{
"status": "affected",
"version": "6.5.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "6.5.31"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "6.5.32"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.8.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "6.5.33"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.5.52"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.3.1"
},
{
"status": "affected",
"version": "24.2.2"
},
{
"status": "affected",
"version": "7.8.23"
},
{
"status": "affected",
"version": "7.11.21"
},
{
"status": "affected",
"version": "24.2.20"
},
{
"status": "affected",
"version": "24.3.2"
},
{
"status": "affected",
"version": "24.4.10"
},
{
"status": "affected",
"version": "6.5.35"
},
{
"status": "affected",
"version": "24.3.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:12:06.736Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-priv-esc-GFQjxvOF",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-iosxr-priv-esc-GFQjxvOF",
"defects": [
"CSCwj33398"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IOS XR Software CLI Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20138",
"datePublished": "2025-03-12T16:12:06.736Z",
"dateReserved": "2024-10-10T19:15:13.213Z",
"dateUpdated": "2025-03-14T15:30:58.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…