Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
CVE-2025-1786 (GCVE-0-2025-1786)
Vulnerability from cvelistv5 – Published: 2025-03-01 10:00 – Updated: 2025-03-03 20:35
VLAI
Title
rizinorg rizin pdb.c msf_stream_directory_free buffer overflow
Summary
A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298007 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298007 | signaturepermissions-required |
| https://vuldb.com/?submit.502317 | third-party-advisory |
| https://github.com/rizinorg/rizin/issues/4893 | issue-tracking |
| https://github.com/user-attachments/files/1876573… | exploit |
| https://github.com/rizinorg/rizin/milestone/18 | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:35:36.363409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:35:48.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rizinorg/rizin/issues/4893"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "0.7.0"
},
{
"status": "affected",
"version": "0.7.1"
},
{
"status": "affected",
"version": "0.7.2"
},
{
"status": "affected",
"version": "0.7.3"
},
{
"status": "affected",
"version": "0.7.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in rizinorg rizin bis 0.7.4 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion msf_stream_directory_free in der Bibliothek /librz/bin/pdb/pdb.c. Mittels Manipulieren des Arguments -P mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.8.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T10:00:07.495Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298007 | rizinorg rizin pdb.c msf_stream_directory_free buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298007"
},
{
"name": "VDB-298007 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298007"
},
{
"name": "Submit #502317 | https://github.com/rizinorg/rizin rizin/rz-bin 309f57434dfa17954f02cdcbb3a2ac4108651767 Buffer Over-read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.502317"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/rizinorg/rizin/issues/4893"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/18765730/rz-bin-6fb50-poc.zip"
},
{
"tags": [
"patch"
],
"url": "https://github.com/rizinorg/rizin/milestone/18"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-28T18:05:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "rizinorg rizin pdb.c msf_stream_directory_free buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1786",
"datePublished": "2025-03-01T10:00:07.495Z",
"dateReserved": "2025-02-28T17:00:47.146Z",
"dateUpdated": "2025-03-03T20:35:48.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1852 (GCVE-0-2025-1852)
Vulnerability from cvelistv5 – Published: 2025-03-03 05:31 – Updated: 2025-03-03 17:19
VLAI
Title
Totolink EX1800T cstecgi.cgi loginAuth buffer overflow
Summary
A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298120 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298120 | signaturepermissions-required |
| https://vuldb.com/?submit.505362 | third-party-advisory |
| https://github.com/watermelon-happy/cve/blob/main… | exploit |
| https://www.totolink.net/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1852",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T17:18:59.736991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T17:19:05.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watermelon-happy/cve/blob/main/ex1800tCVE.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EX1800T",
"vendor": "Totolink",
"versions": [
{
"status": "affected",
"version": "9.1.0cu.2112_B20220316"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "watermelon-happy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Totolink EX1800T 9.1.0cu.2112_B20220316 wurde eine kritische Schwachstelle gefunden. Es geht um die Funktion loginAuth der Datei /cgi-bin/cstecgi.cgi. Durch das Beeinflussen des Arguments password mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T05:31:06.795Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298120 | Totolink EX1800T cstecgi.cgi loginAuth buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298120"
},
{
"name": "VDB-298120 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298120"
},
{
"name": "Submit #505362 | totolink EX1800T V9.1.0cu.2112_B20220316 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.505362"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/watermelon-happy/cve/blob/main/ex1800tCVE.md"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-02T21:13:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "Totolink EX1800T cstecgi.cgi loginAuth buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1852",
"datePublished": "2025-03-03T05:31:06.795Z",
"dateReserved": "2025-03-02T20:08:03.083Z",
"dateUpdated": "2025-03-03T17:19:05.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1895 (GCVE-0-2025-1895)
Vulnerability from cvelistv5 – Published: 2025-03-04 01:00 – Updated: 2025-03-04 15:18
VLAI
Title
Tenda TX3 setMacFilterCfg buffer overflow
Summary
A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
6.5 (Medium)
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298413 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298413 | signaturepermissions-required |
| https://vuldb.com/?submit.506601 | third-party-advisory |
| https://github.com/2664521593/mycve/blob/main/Ten… | exploit |
| https://www.tenda.com.cn/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1895",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T15:17:56.641104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T15:18:29.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda TX3 16.03.13.11_multi entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /goform/setMacFilterCfg. Mittels dem Manipulieren des Arguments deviceList mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T01:00:11.682Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298413 | Tenda TX3 setMacFilterCfg buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298413"
},
{
"name": "VDB-298413 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298413"
},
{
"name": "Submit #506601 | Tenda TX3 V16.03.13.11_multi buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506601"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_1.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T19:27:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda TX3 setMacFilterCfg buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1895",
"datePublished": "2025-03-04T01:00:11.682Z",
"dateReserved": "2025-03-03T18:22:04.638Z",
"dateUpdated": "2025-03-04T15:18:29.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1896 (GCVE-0-2025-1896)
Vulnerability from cvelistv5 – Published: 2025-03-04 01:31 – Updated: 2025-03-04 15:17
VLAI
Title
Tenda TX3 SetStaticRouteCfg buffer overflow
Summary
A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.5 (Medium)
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298414 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298414 | signaturepermissions-required |
| https://vuldb.com/?submit.506602 | third-party-advisory |
| https://github.com/2664521593/mycve/blob/main/Ten… | exploit |
| https://www.tenda.com.cn/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1896",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T15:16:46.468801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T15:17:10.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda TX3 16.03.13.11_multi wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /goform/SetStaticRouteCfg. Mittels Manipulieren des Arguments list mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T01:31:05.653Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298414 | Tenda TX3 SetStaticRouteCfg buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298414"
},
{
"name": "VDB-298414 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298414"
},
{
"name": "Submit #506602 | Tenda TX3 V16.03.13.11_multi buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506602"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_2.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T19:27:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda TX3 SetStaticRouteCfg buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1896",
"datePublished": "2025-03-04T01:31:05.653Z",
"dateReserved": "2025-03-03T18:22:07.019Z",
"dateUpdated": "2025-03-04T15:17:10.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1897 (GCVE-0-2025-1897)
Vulnerability from cvelistv5 – Published: 2025-03-04 01:31 – Updated: 2025-03-04 14:39
VLAI
Title
Tenda TX3 SetNetControlList buffer overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.5 (Medium)
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298415 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298415 | signaturepermissions-required |
| https://vuldb.com/?submit.506604 | third-party-advisory |
| https://github.com/2664521593/mycve/blob/main/Ten… | exploit |
| https://www.tenda.com.cn/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1897",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T14:38:50.833988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T14:39:10.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda TX3 16.03.13.11_multi entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /goform/SetNetControlList. Durch das Manipulieren des Arguments list mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T01:31:09.420Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298415 | Tenda TX3 SetNetControlList buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298415"
},
{
"name": "VDB-298415 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298415"
},
{
"name": "Submit #506604 | Tenda TX3 V16.03.13.11_multi buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506604"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_3.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T19:27:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda TX3 SetNetControlList buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1897",
"datePublished": "2025-03-04T01:31:09.420Z",
"dateReserved": "2025-03-03T18:22:09.764Z",
"dateUpdated": "2025-03-04T14:39:10.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1898 (GCVE-0-2025-1898)
Vulnerability from cvelistv5 – Published: 2025-03-04 02:00 – Updated: 2025-03-04 14:38
VLAI
Title
Tenda TX3 openSchedWifi buffer overflow
Summary
A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
6.5 (Medium)
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298416 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298416 | signaturepermissions-required |
| https://vuldb.com/?submit.506606 | third-party-advisory |
| https://github.com/2664521593/mycve/blob/main/Ten… | exploit |
| https://www.tenda.com.cn/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T14:36:27.314637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T14:38:08.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda TX3 16.03.13.11_multi gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /goform/openSchedWifi. Durch Manipulieren des Arguments schedStartTime/schedEndTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T02:00:08.711Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298416 | Tenda TX3 openSchedWifi buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298416"
},
{
"name": "VDB-298416 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298416"
},
{
"name": "Submit #506606 | Tenda TX3 V16.03.13.11_multi buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506606"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_4.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T19:27:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda TX3 openSchedWifi buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1898",
"datePublished": "2025-03-04T02:00:08.711Z",
"dateReserved": "2025-03-03T18:22:12.721Z",
"dateUpdated": "2025-03-04T14:38:08.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1899 (GCVE-0-2025-1899)
Vulnerability from cvelistv5 – Published: 2025-03-04 02:31 – Updated: 2025-03-04 14:35
VLAI
Title
Tenda TX3 setPptpUserList buffer overflow
Summary
A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
6.5 (Medium)
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298417 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298417 | signaturepermissions-required |
| https://vuldb.com/?submit.506607 | third-party-advisory |
| https://github.com/2664521593/mycve/blob/main/Ten… | exploit |
| https://www.tenda.com.cn/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1899",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T14:35:09.254973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T14:35:32.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda TX3 16.03.13.11_multi wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /goform/setPptpUserList. Durch das Beeinflussen des Arguments list mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T02:31:06.509Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298417 | Tenda TX3 setPptpUserList buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298417"
},
{
"name": "VDB-298417 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298417"
},
{
"name": "Submit #506607 | Tenda TX3 V16.03.13.11_multi buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506607"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_5.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T19:27:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda TX3 setPptpUserList buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1899",
"datePublished": "2025-03-04T02:31:06.509Z",
"dateReserved": "2025-03-03T18:22:15.766Z",
"dateUpdated": "2025-03-04T14:35:32.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20115 (GCVE-0-2025-20115)
Vulnerability from cvelistv5 – Published: 2025-03-12 16:11 – Updated: 2025-03-21 20:35
VLAI
Title
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
Summary
A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Affected:
6.5.3
Affected: 6.5.29 Affected: 6.5.1 Affected: 6.6.1 Affected: 6.5.2 Affected: 6.5.92 Affected: 6.5.15 Affected: 6.6.2 Affected: 7.0.1 Affected: 6.6.25 Affected: 6.5.26 Affected: 6.6.11 Affected: 6.5.25 Affected: 6.5.28 Affected: 6.5.93 Affected: 6.6.12 Affected: 6.5.90 Affected: 7.0.0 Affected: 7.1.1 Affected: 7.0.90 Affected: 6.6.3 Affected: 6.7.1 Affected: 7.0.2 Affected: 7.1.15 Affected: 7.2.0 Affected: 7.2.1 Affected: 7.1.2 Affected: 6.7.2 Affected: 7.0.11 Affected: 7.0.12 Affected: 7.0.14 Affected: 7.1.25 Affected: 6.6.4 Affected: 7.2.12 Affected: 7.3.1 Affected: 7.1.3 Affected: 6.7.3 Affected: 7.4.1 Affected: 7.2.2 Affected: 6.7.4 Affected: 6.5.31 Affected: 7.3.15 Affected: 7.3.16 Affected: 6.8.1 Affected: 7.4.15 Affected: 6.5.32 Affected: 7.3.2 Affected: 7.5.1 Affected: 7.4.16 Affected: 7.3.27 Affected: 7.6.1 Affected: 7.5.2 Affected: 7.8.1 Affected: 7.6.15 Affected: 7.5.12 Affected: 7.8.12 Affected: 7.3.3 Affected: 7.7.1 Affected: 6.8.2 Affected: 7.3.4 Affected: 7.4.2 Affected: 6.7.35 Affected: 6.9.1 Affected: 7.6.2 Affected: 7.5.3 Affected: 7.7.2 Affected: 6.9.2 Affected: 7.9.1 Affected: 7.10.1 Affected: 7.8.2 Affected: 7.5.4 Affected: 6.5.33 Affected: 7.8.22 Affected: 7.7.21 Affected: 7.9.2 Affected: 7.3.5 Affected: 7.5.5 Affected: 7.11.1 Affected: 7.9.21 Affected: 7.10.2 Affected: 24.1.1 Affected: 7.6.3 Affected: 7.3.6 Affected: 7.5.52 Affected: 7.11.2 Affected: 24.2.1 Affected: 24.1.2 Affected: 24.2.11 Affected: 24.2.2 Affected: 7.8.23 Affected: 7.11.21 Affected: 24.2.20 Affected: 6.5.35 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:35:39.499211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:35:55.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.26"
},
{
"status": "affected",
"version": "6.6.11"
},
{
"status": "affected",
"version": "6.5.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "6.5.31"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "6.5.32"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.8.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "6.5.33"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.5.52"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.2.2"
},
{
"status": "affected",
"version": "7.8.23"
},
{
"status": "affected",
"version": "7.11.21"
},
{
"status": "affected",
"version": "24.2.20"
},
{
"status": "affected",
"version": "6.5.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in confederation implementation for the Border Gateway Protocol (BGP)\u0026nbsp;in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware of a public announcement about this issue. This announcement is not specific to Cisco IOS XR Software and can be found at .\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:11:58.731Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-bgp-dos-O7stePhX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-iosxr-bgp-dos-O7stePhX",
"defects": [
"CSCwk15887"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20115",
"datePublished": "2025-03-12T16:11:58.731Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-03-21T20:35:55.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20149 (GCVE-0-2025-20149)
Vulnerability from cvelistv5 – Published: 2025-09-24 17:14 – Updated: 2025-09-24 17:32
VLAI
Summary
A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | IOS |
Affected:
15.2(1)S
Affected: 15.2(2)S Affected: 15.2(1)S1 Affected: 15.2(4)S Affected: 15.2(1)S2 Affected: 15.2(2)S1 Affected: 15.2(2)S2 Affected: 15.2(2)S0a Affected: 15.2(2)S0c Affected: 15.2(4)S1 Affected: 15.2(4)S4 Affected: 15.2(4)S6 Affected: 15.2(4)S2 Affected: 15.2(4)S5 Affected: 15.2(4)S3 Affected: 15.2(4)S3a Affected: 15.2(4)S4a Affected: 15.2(4)S7 Affected: 15.3(1)T Affected: 15.3(2)T Affected: 15.3(1)T1 Affected: 15.3(1)T2 Affected: 15.3(1)T3 Affected: 15.3(1)T4 Affected: 15.3(2)T1 Affected: 15.3(2)T2 Affected: 15.3(2)T3 Affected: 15.3(2)T4 Affected: 15.0(2)EY Affected: 15.0(2)EY1 Affected: 15.0(2)EY2 Affected: 15.0(2)EY3 Affected: 15.1(2)S Affected: 15.1(3)S Affected: 15.1(2)S1 Affected: 15.1(2)S2 Affected: 15.1(3)S1 Affected: 15.1(3)S0a Affected: 15.1(3)S2 Affected: 15.1(3)S4 Affected: 15.1(3)S3 Affected: 15.1(3)S5 Affected: 15.1(3)S6 Affected: 15.1(3)S5a Affected: 15.1(4)M3 Affected: 15.1(4)M Affected: 15.1(4)M1 Affected: 15.1(4)M2 Affected: 15.1(4)M6 Affected: 15.1(4)M5 Affected: 15.1(4)M4 Affected: 15.1(4)M7 Affected: 15.1(4)M3a Affected: 15.1(4)M10 Affected: 15.1(4)M8 Affected: 15.1(4)M9 Affected: 15.0(2)SE Affected: 15.0(2)SE1 Affected: 15.0(2)SE2 Affected: 15.0(2)SE3 Affected: 15.0(2)SE4 Affected: 15.0(2)SE5 Affected: 15.0(2)SE6 Affected: 15.0(2)SE7 Affected: 15.0(2)SE8 Affected: 15.0(2)SE9 Affected: 15.0(2)SE10 Affected: 15.0(2)SE11 Affected: 15.0(2)SE10a Affected: 15.0(2)SE12 Affected: 15.0(2)SE13 Affected: 15.1(4)GC Affected: 15.1(4)GC1 Affected: 15.1(4)GC2 Affected: 15.1(1)SG Affected: 15.1(2)SG Affected: 15.1(1)SG1 Affected: 15.1(1)SG2 Affected: 15.1(2)SG1 Affected: 15.1(2)SG2 Affected: 15.1(2)SG3 Affected: 15.1(2)SG4 Affected: 15.1(2)SG5 Affected: 15.1(2)SG6 Affected: 15.1(2)SG7 Affected: 15.1(2)SG8 Affected: 15.2(4)M Affected: 15.2(4)M1 Affected: 15.2(4)M2 Affected: 15.2(4)M4 Affected: 15.2(4)M3 Affected: 15.2(4)M5 Affected: 15.2(4)M8 Affected: 15.2(4)M10 Affected: 15.2(4)M7 Affected: 15.2(4)M6 Affected: 15.2(4)M9 Affected: 15.2(4)M6a Affected: 15.2(4)M11 Affected: 15.0(1)EX Affected: 15.0(2)EX Affected: 15.0(2)EX1 Affected: 15.0(2)EX2 Affected: 15.0(2)EX3 Affected: 15.0(2)EX4 Affected: 15.0(2)EX5 Affected: 15.0(2)EX8 Affected: 15.0(2a)EX5 Affected: 15.0(2)EX10 Affected: 15.0(2)EX11 Affected: 15.0(2)EX13 Affected: 15.0(2)EX12 Affected: 15.2(1)GC Affected: 15.2(1)GC1 Affected: 15.2(1)GC2 Affected: 15.2(2)GC Affected: 15.2(3)GC Affected: 15.2(3)GC1 Affected: 15.2(4)GC Affected: 15.2(4)GC1 Affected: 15.2(4)GC2 Affected: 15.2(4)GC3 Affected: 15.1(1)SY Affected: 15.1(1)SY1 Affected: 15.1(2)SY Affected: 15.1(2)SY1 Affected: 15.1(2)SY2 Affected: 15.1(1)SY2 Affected: 15.1(1)SY3 Affected: 15.1(2)SY3 Affected: 15.1(1)SY4 Affected: 15.1(2)SY4 Affected: 15.1(1)SY5 Affected: 15.1(2)SY5 Affected: 15.1(2)SY4a Affected: 15.1(1)SY6 Affected: 15.1(2)SY6 Affected: 15.1(2)SY7 Affected: 15.1(2)SY8 Affected: 15.1(2)SY9 Affected: 15.1(2)SY10 Affected: 15.1(2)SY11 Affected: 15.1(2)SY12 Affected: 15.1(2)SY13 Affected: 15.1(2)SY14 Affected: 15.1(2)SY15 Affected: 15.1(2)SY16 Affected: 15.3(1)S Affected: 15.3(2)S Affected: 15.3(3)S Affected: 15.3(1)S2 Affected: 15.3(1)S1 Affected: 15.3(2)S2 Affected: 15.3(2)S1 Affected: 15.3(3)S1 Affected: 15.3(3)S2 Affected: 15.3(3)S3 Affected: 15.3(3)S6 Affected: 15.3(3)S4 Affected: 15.3(3)S1a Affected: 15.3(3)S5 Affected: 15.3(3)S7 Affected: 15.3(3)S8 Affected: 15.3(3)S9 Affected: 15.3(3)S10 Affected: 15.3(3)S8a Affected: 15.4(1)T Affected: 15.4(2)T Affected: 15.4(1)T2 Affected: 15.4(1)T1 Affected: 15.4(1)T3 Affected: 15.4(2)T1 Affected: 15.4(2)T3 Affected: 15.4(2)T2 Affected: 15.4(1)T4 Affected: 15.4(2)T4 Affected: 15.0(2)EA Affected: 15.0(2)EA1 Affected: 15.2(1)E Affected: 15.2(2)E Affected: 15.2(1)E1 Affected: 15.2(3)E Affected: 15.2(1)E2 Affected: 15.2(1)E3 Affected: 15.2(2)E1 Affected: 15.2(4)E Affected: 15.2(3)E1 Affected: 15.2(2)E2 Affected: 15.2(2a)E1 Affected: 15.2(2)E3 Affected: 15.2(2a)E2 Affected: 15.2(3)E2 Affected: 15.2(3a)E Affected: 15.2(3)E3 Affected: 15.2(4)E1 Affected: 15.2(2)E4 Affected: 15.2(2)E5 Affected: 15.2(4)E2 Affected: 15.2(3)E4 Affected: 15.2(5)E Affected: 15.2(4)E3 Affected: 15.2(2)E6 Affected: 15.2(5a)E Affected: 15.2(5)E1 Affected: 15.2(5b)E Affected: 15.2(2)E5a Affected: 15.2(5c)E Affected: 15.2(2)E5b Affected: 15.2(5a)E1 Affected: 15.2(4)E4 Affected: 15.2(2)E7 Affected: 15.2(5)E2 Affected: 15.2(6)E Affected: 15.2(4)E5 Affected: 15.2(5)E2c Affected: 15.2(2)E8 Affected: 15.2(6)E0a Affected: 15.2(6)E1 Affected: 15.2(6)E0c Affected: 15.2(4)E6 Affected: 15.2(6)E2 Affected: 15.2(2)E9 Affected: 15.2(4)E7 Affected: 15.2(7)E Affected: 15.2(2)E10 Affected: 15.2(4)E8 Affected: 15.2(6)E2a Affected: 15.2(6)E2b Affected: 15.2(7)E1 Affected: 15.2(7)E0a Affected: 15.2(7)E0b Affected: 15.2(7)E0s Affected: 15.2(6)E3 Affected: 15.2(4)E9 Affected: 15.2(7)E2 Affected: 15.2(7a)E0b Affected: 15.2(4)E10 Affected: 15.2(7)E3 Affected: 15.2(7)E1a Affected: 15.2(7b)E0b Affected: 15.2(7)E2a Affected: 15.2(4)E10a Affected: 15.2(7)E4 Affected: 15.2(7)E3k Affected: 15.2(8)E Affected: 15.2(8)E1 Affected: 15.2(7)E5 Affected: 15.2(7)E6 Affected: 15.2(8)E2 Affected: 15.2(4)E10d Affected: 15.2(7)E7 Affected: 15.2(8)E3 Affected: 15.2(7)E8 Affected: 15.2(8)E4 Affected: 15.2(7)E9 Affected: 15.2(8)E5 Affected: 15.2(8)E6 Affected: 15.2(7)E10 Affected: 15.2(7)E11 Affected: 15.2(8)E7 Affected: 15.1(3)MRA Affected: 15.1(3)MRA1 Affected: 15.1(3)MRA2 Affected: 15.1(3)MRA3 Affected: 15.1(3)MRA4 Affected: 15.1(3)SVB1 Affected: 15.1(3)SVB2 Affected: 15.2(2)JB Affected: 15.2(2)JB2 Affected: 15.2(4)JB Affected: 15.2(2)JB3 Affected: 15.2(4)JB1 Affected: 15.2(4)JB2 Affected: 15.2(4)JB3 Affected: 15.2(4)JB3a Affected: 15.2(2)JB4 Affected: 15.2(4)JB4 Affected: 15.2(4)JB3h Affected: 15.2(4)JB3b Affected: 15.2(4)JB3s Affected: 15.2(4)JB5h Affected: 15.2(4)JB5 Affected: 15.2(4)JB5m Affected: 15.2(4)JB6 Affected: 15.2(2)JB5 Affected: 15.2(2)JB6 Affected: 15.4(1)S Affected: 15.4(2)S Affected: 15.4(3)S Affected: 15.4(1)S1 Affected: 15.4(1)S2 Affected: 15.4(2)S1 Affected: 15.4(1)S3 Affected: 15.4(3)S1 Affected: 15.4(2)S2 Affected: 15.4(3)S2 Affected: 15.4(3)S3 Affected: 15.4(1)S4 Affected: 15.4(2)S3 Affected: 15.4(2)S4 Affected: 15.4(3)S4 Affected: 15.4(3)S5 Affected: 15.4(3)S6 Affected: 15.4(3)S7 Affected: 15.4(3)S6a Affected: 15.4(3)S8 Affected: 15.4(3)S9 Affected: 15.4(3)S10 Affected: 15.2(2)JAX Affected: 15.3(3)M Affected: 15.3(3)M1 Affected: 15.3(3)M2 Affected: 15.3(3)M3 Affected: 15.3(3)M5 Affected: 15.3(3)M4 Affected: 15.3(3)M6 Affected: 15.3(3)M7 Affected: 15.3(3)M8 Affected: 15.3(3)M9 Affected: 15.3(3)M10 Affected: 15.3(3)M8a Affected: 15.2(4)JN Affected: 15.0(2)EZ Affected: 15.1(3)SVD Affected: 15.1(3)SVD1 Affected: 15.1(3)SVD2 Affected: 15.2(1)EY Affected: 15.0(2)EJ Affected: 15.0(2)EJ1 Affected: 15.2(1)SY Affected: 15.2(1)SY1 Affected: 15.2(1)SY0a Affected: 15.2(1)SY2 Affected: 15.2(2)SY Affected: 15.2(1)SY1a Affected: 15.2(2)SY1 Affected: 15.2(2)SY2 Affected: 15.2(1)SY3 Affected: 15.2(1)SY4 Affected: 15.2(2)SY3 Affected: 15.2(1)SY5 Affected: 15.2(1)SY6 Affected: 15.2(1)SY7 Affected: 15.2(1)SY8 Affected: 15.2(5)EX Affected: 15.1(3)SVF Affected: 15.1(3)SVF1 Affected: 15.1(3)SVE Affected: 15.0(2)EK Affected: 15.0(2)EK1 Affected: 15.4(1)CG Affected: 15.4(1)CG1 Affected: 15.4(2)CG Affected: 15.5(1)S Affected: 15.5(2)S Affected: 15.5(1)S1 Affected: 15.5(3)S Affected: 15.5(1)S2 Affected: 15.5(1)S3 Affected: 15.5(2)S1 Affected: 15.5(2)S2 Affected: 15.5(3)S1 Affected: 15.5(3)S1a Affected: 15.5(2)S3 Affected: 15.5(3)S2 Affected: 15.5(3)S0a Affected: 15.5(3)S3 Affected: 15.5(1)S4 Affected: 15.5(2)S4 Affected: 15.5(3)S4 Affected: 15.5(3)S5 Affected: 15.5(3)S6 Affected: 15.5(3)S6a Affected: 15.5(3)S7 Affected: 15.5(3)S6b Affected: 15.5(3)S8 Affected: 15.5(3)S9 Affected: 15.5(3)S10 Affected: 15.5(3)S9a Affected: 15.1(3)SVG Affected: 15.2(2)EB Affected: 15.2(2)EB1 Affected: 15.2(2)EB2 Affected: 15.2(6)EB Affected: 15.5(1)T Affected: 15.5(1)T1 Affected: 15.5(2)T Affected: 15.5(1)T2 Affected: 15.5(1)T3 Affected: 15.5(2)T1 Affected: 15.5(2)T2 Affected: 15.5(2)T3 Affected: 15.5(2)T4 Affected: 15.5(1)T4 Affected: 15.2(2)EA Affected: 15.2(2)EA1 Affected: 15.2(2)EA2 Affected: 15.2(3)EA Affected: 15.2(4)EA Affected: 15.2(4)EA1 Affected: 15.2(2)EA3 Affected: 15.2(4)EA3 Affected: 15.2(5)EA Affected: 15.2(4)EA4 Affected: 15.2(4)EA5 Affected: 15.2(4)EA6 Affected: 15.2(4)EA7 Affected: 15.2(4)EA8 Affected: 15.2(4)EA9 Affected: 15.2(4)EA9a Affected: 15.3(3)JN3 Affected: 15.3(3)JN4 Affected: 15.3(3)JN7 Affected: 15.3(3)JN8 Affected: 15.3(3)JN9 Affected: 15.5(3)M Affected: 15.5(3)M1 Affected: 15.5(3)M0a Affected: 15.5(3)M2 Affected: 15.5(3)M3 Affected: 15.5(3)M4 Affected: 15.5(3)M4a Affected: 15.5(3)M5 Affected: 15.5(3)M6 Affected: 15.5(3)M7 Affected: 15.5(3)M6a Affected: 15.5(3)M8 Affected: 15.5(3)M9 Affected: 15.5(3)M10 Affected: 15.3(3)JA Affected: 15.3(3)JA1m Affected: 15.3(3)JA1 Affected: 15.3(3)JA4 Affected: 15.3(3)JA5 Affected: 15.3(3)JA6 Affected: 15.3(3)JA7 Affected: 15.3(3)JA8 Affected: 15.3(3)JA10 Affected: 15.3(3)JA11 Affected: 15.3(3)JA12 Affected: 15.3(3)JAA Affected: 15.3(3)JAA11 Affected: 15.3(3)JAA12 Affected: 15.3(3)JAB Affected: 15.3(3)JB Affected: 15.5(3)SN Affected: 15.6(1)S Affected: 15.6(2)S Affected: 15.6(2)S1 Affected: 15.6(1)S1 Affected: 15.6(1)S2 Affected: 15.6(2)S2 Affected: 15.6(1)S3 Affected: 15.6(2)S3 Affected: 15.6(1)S4 Affected: 15.6(2)S4 Affected: 15.6(1)T Affected: 15.6(2)T Affected: 15.6(1)T0a Affected: 15.6(1)T1 Affected: 15.6(2)T1 Affected: 15.6(1)T2 Affected: 15.6(2)T2 Affected: 15.6(1)T3 Affected: 15.6(2)T3 Affected: 15.3(3)JNB Affected: 15.3(3)JNB1 Affected: 15.3(3)JNB2 Affected: 15.3(3)JNB3 Affected: 15.3(3)JNB4 Affected: 15.3(3)JNB6 Affected: 15.3(3)JNB5 Affected: 15.3(3)JAX Affected: 15.3(3)JAX1 Affected: 15.3(3)JAX2 Affected: 15.3(3)JBB Affected: 15.3(3)JBB1 Affected: 15.3(3)JBB2 Affected: 15.3(3)JBB4 Affected: 15.3(3)JBB5 Affected: 15.3(3)JBB6 Affected: 15.3(3)JBB8 Affected: 15.3(3)JBB6a Affected: 15.3(3)JC Affected: 15.3(3)JC1 Affected: 15.3(3)JC2 Affected: 15.3(3)JC3 Affected: 15.3(3)JC4 Affected: 15.3(3)JC5 Affected: 15.3(3)JC6 Affected: 15.3(3)JC8 Affected: 15.3(3)JC9 Affected: 15.3(3)JC14 Affected: 15.3(1)SY Affected: 15.3(1)SY1 Affected: 15.3(1)SY2 Affected: 15.3(3)JNC Affected: 15.3(3)JNC1 Affected: 15.3(3)JNC2 Affected: 15.3(3)JNC3 Affected: 15.3(3)JNC4 Affected: 15.3(3)JNP Affected: 15.3(3)JNP1 Affected: 15.3(3)JNP3 Affected: 15.6(2)SP Affected: 15.6(2)SP1 Affected: 15.6(2)SP2 Affected: 15.6(2)SP3 Affected: 15.6(2)SP4 Affected: 15.6(2)SP5 Affected: 15.6(2)SP6 Affected: 15.6(2)SP7 Affected: 15.6(2)SP8 Affected: 15.6(2)SP9 Affected: 15.6(2)SN Affected: 15.3(3)JPB Affected: 15.3(3)JPB1 Affected: 15.3(3)JD Affected: 15.3(3)JD2 Affected: 15.3(3)JD3 Affected: 15.3(3)JD4 Affected: 15.3(3)JD5 Affected: 15.3(3)JD6 Affected: 15.3(3)JD7 Affected: 15.3(3)JD8 Affected: 15.3(3)JD9 Affected: 15.3(3)JD11 Affected: 15.3(3)JD13 Affected: 15.3(3)JD14 Affected: 15.3(3)JD16 Affected: 15.3(3)JD17 Affected: 15.6(3)M Affected: 15.6(3)M1 Affected: 15.6(3)M0a Affected: 15.6(3)M1b Affected: 15.6(3)M2 Affected: 15.6(3)M2a Affected: 15.6(3)M3 Affected: 15.6(3)M3a Affected: 15.6(3)M4 Affected: 15.6(3)M5 Affected: 15.6(3)M6 Affected: 15.6(3)M7 Affected: 15.6(3)M6a Affected: 15.6(3)M6b Affected: 15.6(3)M8 Affected: 15.6(3)M9 Affected: 15.1(3)SVJ2 Affected: 15.2(4)EC1 Affected: 15.2(4)EC2 Affected: 15.3(3)JPC Affected: 15.3(3)JPC1 Affected: 15.3(3)JPC2 Affected: 15.3(3)JPC3 Affected: 15.3(3)JPC100 Affected: 15.3(3)JPC5 Affected: 15.3(3)JND Affected: 15.3(3)JND1 Affected: 15.3(3)JND2 Affected: 15.3(3)JND3 Affected: 15.4(1)SY Affected: 15.4(1)SY1 Affected: 15.4(1)SY2 Affected: 15.4(1)SY3 Affected: 15.4(1)SY4 Affected: 15.3(3)JE Affected: 15.3(3)JPD Affected: 15.3(3)JDA7 Affected: 15.3(3)JDA8 Affected: 15.3(3)JDA9 Affected: 15.3(3)JDA11 Affected: 15.3(3)JDA13 Affected: 15.3(3)JDA14 Affected: 15.3(3)JDA16 Affected: 15.3(3)JDA17 Affected: 15.5(1)SY Affected: 15.5(1)SY1 Affected: 15.5(1)SY2 Affected: 15.5(1)SY3 Affected: 15.5(1)SY4 Affected: 15.5(1)SY5 Affected: 15.5(1)SY6 Affected: 15.5(1)SY7 Affected: 15.5(1)SY8 Affected: 15.5(1)SY9 Affected: 15.5(1)SY10 Affected: 15.5(1)SY11 Affected: 15.5(1)SY12 Affected: 15.5(1)SY13 Affected: 15.5(1)SY14 Affected: 15.3(3)JF Affected: 15.3(3)JF1 Affected: 15.3(3)JF2 Affected: 15.3(3)JF4 Affected: 15.3(3)JF5 Affected: 15.3(3)JF6 Affected: 15.3(3)JF7 Affected: 15.3(3)JF8 Affected: 15.3(3)JF9 Affected: 15.3(3)JF10 Affected: 15.3(3)JF11 Affected: 15.3(3)JF12 Affected: 15.3(3)JF12i Affected: 15.3(3)JF14 Affected: 15.3(3)JF14i Affected: 15.3(3)JF15 Affected: 15.3(3)JCA7 Affected: 15.3(3)JCA8 Affected: 15.3(3)JCA9 Affected: 15.7(3)M Affected: 15.7(3)M1 Affected: 15.7(3)M0a Affected: 15.7(3)M3 Affected: 15.7(3)M2 Affected: 15.7(3)M4 Affected: 15.7(3)M5 Affected: 15.7(3)M4a Affected: 15.7(3)M4b Affected: 15.7(3)M6 Affected: 15.7(3)M7 Affected: 15.7(3)M8 Affected: 15.7(3)M9 Affected: 15.3(3)JG Affected: 15.3(3)JG1 Affected: 15.3(3)JH Affected: 15.3(3)JH1 Affected: 15.3(3)JI1 Affected: 15.3(3)JI3 Affected: 15.3(3)JI4 Affected: 15.3(3)JI5 Affected: 15.3(3)JI6 Affected: 15.8(3)M Affected: 15.8(3)M1 Affected: 15.8(3)M0a Affected: 15.8(3)M0b Affected: 15.8(3)M2 Affected: 15.8(3)M1a Affected: 15.8(3)M3 Affected: 15.8(3)M2a Affected: 15.8(3)M4 Affected: 15.8(3)M3a Affected: 15.8(3)M3b Affected: 15.8(3)M5 Affected: 15.8(3)M6 Affected: 15.8(3)M7 Affected: 15.8(3)M8 Affected: 15.8(3)M9 Affected: 15.9(3)M Affected: 15.9(3)M1 Affected: 15.9(3)M0a Affected: 15.9(3)M2 Affected: 15.9(3)M3 Affected: 15.9(3)M2a Affected: 15.9(3)M3a Affected: 15.9(3)M4 Affected: 15.9(3)M3b Affected: 15.9(3)M5 Affected: 15.9(3)M4a Affected: 15.9(3)M6 Affected: 15.9(3)M7 Affected: 15.9(3)M6a Affected: 15.9(3)M6b Affected: 15.9(3)M8 Affected: 15.9(3)M7a Affected: 15.9(3)M9 Affected: 15.9(3)M8b Affected: 15.9(3)M10 Affected: 15.3(3)JK Affected: 15.3(3)JK1 Affected: 15.3(3)JK2 Affected: 15.3(3)JK3 Affected: 15.3(3)JK2a Affected: 15.3(3)JK1t Affected: 15.3(3)JK4 Affected: 15.3(3)JK5 Affected: 15.3(3)JK6 Affected: 15.3(3)JK7 Affected: 15.3(3)JK8 Affected: 15.3(3)JK8a Affected: 15.3(3)JK8b Affected: 15.3(3)JK9 Affected: 15.3(3)JK10 Affected: 15.3(3)JK11 Affected: 15.3(3)JJ Affected: 15.3(3)JJ1 Affected: 15.3(3)JPI1 Affected: 15.3(3)JPI4 Affected: 15.3(3)JPI1t Affected: 15.3(3)JPI5 Affected: 15.3(3)JPI7 Affected: 15.3(3)JPI6a Affected: 15.3(3)JPI8a Affected: 15.3(3)JPI9 Affected: 15.3(3)JPI10 Affected: 15.3(3)JPJ2 Affected: 15.3(3)JPJ3 Affected: 15.3(3)JPJ2t Affected: 15.3(3)JPJ3a Affected: 15.3(3)JPJ4 Affected: 15.3(3)JPJ5 Affected: 15.3(3)JPJ6 Affected: 15.3(3)JPJ7 Affected: 15.3(3)JPJ7c Affected: 15.3(3)JPJ8a Affected: 15.3(3)JPJ9 Affected: 15.3(3)JPJ10 Affected: 15.3(3)JPJ11 Affected: 15.3(3)JPK Affected: 15.3(3)JPK1 Affected: 15.3(3)JPK2 Affected: 15.3(3)JPK3 Affected: 15.3(3)JPK4 Affected: 15.3(3)JPK5 Affected: 15.3(3)JPK6 Affected: 15.3(3)JPK7 Affected: 15.3(3)JPK8 Affected: 15.3(3)JPK9 Affected: 15.3(3)JPL Affected: 15.3(3)JPM Affected: 15.3(3)JPN Affected: 15.3(3)JPN1 Affected: 15.3(3)JPN2 Affected: 15.3(3)JPN3 Affected: 15.3(3)JPN4 Affected: 15.3(3)JPN5 Affected: 15.3(3)JPN6 Affected: 15.3(3)JPO Affected: 15.3(3)JPP Affected: 15.3(3)JPQ Affected: 15.3(3)JPQ1 Affected: 15.3(3)JPQ2 Affected: 15.3(3)JPQ3 Affected: 15.3(3)JPQ5 Affected: 15.3(3)JPR Affected: 15.3(3)JPS Affected: 15.3(3)JPT Affected: 15.3(3)JPT1 Affected: 15.3(3)JPT2 Affected: 15.3(3)JPU |
|
| Cisco | Cisco IOS XE Software |
Affected:
3.7.0S
Affected: 3.7.1S Affected: 3.7.2S Affected: 3.7.3S Affected: 3.7.4S Affected: 3.7.5S Affected: 3.7.6S Affected: 3.7.7S Affected: 3.7.4aS Affected: 3.7.2tS Affected: 3.7.0bS Affected: 3.7.1aS Affected: 3.3.0SG Affected: 3.3.2SG Affected: 3.3.1SG Affected: 3.8.0S Affected: 3.8.1S Affected: 3.8.2S Affected: 3.9.1S Affected: 3.9.0S Affected: 3.9.2S Affected: 3.9.1aS Affected: 3.9.0aS Affected: 3.2.0SE Affected: 3.2.1SE Affected: 3.2.2SE Affected: 3.2.3SE Affected: 3.3.0SE Affected: 3.3.1SE Affected: 3.3.2SE Affected: 3.3.3SE Affected: 3.3.4SE Affected: 3.3.5SE Affected: 3.4.0SG Affected: 3.4.2SG Affected: 3.4.1SG Affected: 3.4.3SG Affected: 3.4.4SG Affected: 3.4.5SG Affected: 3.4.6SG Affected: 3.4.7SG Affected: 3.4.8SG Affected: 3.5.0E Affected: 3.5.1E Affected: 3.5.2E Affected: 3.5.3E Affected: 3.11.1S Affected: 3.11.2S Affected: 3.11.0S Affected: 3.11.3S Affected: 3.11.4S Affected: 3.12.0S Affected: 3.12.1S Affected: 3.12.2S Affected: 3.12.3S Affected: 3.12.0aS Affected: 3.12.4S Affected: 3.13.0S Affected: 3.13.1S Affected: 3.13.2S Affected: 3.13.3S Affected: 3.13.4S Affected: 3.13.5S Affected: 3.13.2aS Affected: 3.13.0aS Affected: 3.13.5aS Affected: 3.13.6S Affected: 3.13.7S Affected: 3.13.6aS Affected: 3.13.7aS Affected: 3.13.8S Affected: 3.13.9S Affected: 3.13.10S Affected: 3.6.0E Affected: 3.6.1E Affected: 3.6.2aE Affected: 3.6.2E Affected: 3.6.3E Affected: 3.6.4E Affected: 3.6.5E Affected: 3.6.6E Affected: 3.6.5aE Affected: 3.6.5bE Affected: 3.6.7E Affected: 3.6.8E Affected: 3.6.7bE Affected: 3.6.9E Affected: 3.6.10E Affected: 3.14.0S Affected: 3.14.1S Affected: 3.14.2S Affected: 3.14.3S Affected: 3.14.4S Affected: 3.15.0S Affected: 3.15.1S Affected: 3.15.2S Affected: 3.15.1cS Affected: 3.15.3S Affected: 3.15.4S Affected: 3.7.0E Affected: 3.7.1E Affected: 3.7.2E Affected: 3.7.3E Affected: 3.7.4E Affected: 3.7.5E Affected: 3.16.0S Affected: 3.16.1S Affected: 3.16.1aS Affected: 3.16.2S Affected: 3.16.2aS Affected: 3.16.0cS Affected: 3.16.3S Affected: 3.16.2bS Affected: 3.16.3aS Affected: 3.16.4S Affected: 3.16.4aS Affected: 3.16.4bS Affected: 3.16.5S Affected: 3.16.4dS Affected: 3.16.6S Affected: 3.16.7S Affected: 3.16.6bS Affected: 3.16.7aS Affected: 3.16.7bS Affected: 3.16.8S Affected: 3.16.9S Affected: 3.16.10S Affected: 3.17.0S Affected: 3.17.1S Affected: 3.17.2S Affected: 3.17.1aS Affected: 3.17.3S Affected: 3.17.4S Affected: 16.1.1 Affected: 16.1.2 Affected: 16.1.3 Affected: 16.2.1 Affected: 16.2.2 Affected: 3.8.0E Affected: 3.8.1E Affected: 3.8.2E Affected: 3.8.3E Affected: 3.8.4E Affected: 3.8.5E Affected: 3.8.5aE Affected: 3.8.6E Affected: 3.8.7E Affected: 3.8.8E Affected: 3.8.9E Affected: 3.8.10E Affected: 16.3.1 Affected: 16.3.2 Affected: 16.3.3 Affected: 16.3.1a Affected: 16.3.4 Affected: 16.3.5 Affected: 16.3.5b Affected: 16.3.6 Affected: 16.3.7 Affected: 16.3.8 Affected: 16.3.9 Affected: 16.3.10 Affected: 16.3.11 Affected: 16.4.1 Affected: 16.4.2 Affected: 16.4.3 Affected: 16.5.1 Affected: 16.5.1a Affected: 16.5.1b Affected: 16.5.2 Affected: 16.5.3 Affected: 3.18.0aS Affected: 3.18.0S Affected: 3.18.1S Affected: 3.18.2S Affected: 3.18.3S Affected: 3.18.4S Affected: 3.18.0SP Affected: 3.18.1SP Affected: 3.18.1aSP Affected: 3.18.1bSP Affected: 3.18.1cSP Affected: 3.18.2SP Affected: 3.18.2aSP Affected: 3.18.3SP Affected: 3.18.4SP Affected: 3.18.3aSP Affected: 3.18.3bSP Affected: 3.18.5SP Affected: 3.18.6SP Affected: 3.18.7SP Affected: 3.18.8aSP Affected: 3.18.9SP Affected: 3.9.0E Affected: 3.9.1E Affected: 3.9.2E Affected: 16.6.1 Affected: 16.6.2 Affected: 16.6.3 Affected: 16.6.4 Affected: 16.6.5 Affected: 16.6.4a Affected: 16.6.5a Affected: 16.6.6 Affected: 16.6.7 Affected: 16.6.8 Affected: 16.6.9 Affected: 16.6.10 Affected: 16.7.1 Affected: 16.7.1a Affected: 16.7.1b Affected: 16.7.2 Affected: 16.7.3 Affected: 16.7.4 Affected: 16.8.1 Affected: 16.8.1a Affected: 16.8.1b Affected: 16.8.1s Affected: 16.8.1c Affected: 16.8.1d Affected: 16.8.2 Affected: 16.8.1e Affected: 16.8.3 Affected: 16.9.1 Affected: 16.9.2 Affected: 16.9.1a Affected: 16.9.1b Affected: 16.9.1s Affected: 16.9.3 Affected: 16.9.4 Affected: 16.9.3a Affected: 16.9.5 Affected: 16.9.5f Affected: 16.9.6 Affected: 16.9.7 Affected: 16.9.8 Affected: 16.10.1 Affected: 16.10.1a Affected: 16.10.1b Affected: 16.10.1s Affected: 16.10.1c Affected: 16.10.1e Affected: 16.10.1d Affected: 16.10.2 Affected: 16.10.1f Affected: 16.10.1g Affected: 16.10.3 Affected: 3.10.0E Affected: 3.10.1E Affected: 3.10.0cE Affected: 3.10.2E Affected: 3.10.3E Affected: 16.11.1 Affected: 16.11.1a Affected: 16.11.1b Affected: 16.11.2 Affected: 16.11.1s Affected: 16.12.1 Affected: 16.12.1s Affected: 16.12.1a Affected: 16.12.1c Affected: 16.12.1w Affected: 16.12.2 Affected: 16.12.1y Affected: 16.12.2a Affected: 16.12.3 Affected: 16.12.8 Affected: 16.12.2s Affected: 16.12.1x Affected: 16.12.1t Affected: 16.12.4 Affected: 16.12.3s Affected: 16.12.3a Affected: 16.12.4a Affected: 16.12.5 Affected: 16.12.6 Affected: 16.12.1z1 Affected: 16.12.5a Affected: 16.12.5b Affected: 16.12.1z2 Affected: 16.12.6a Affected: 16.12.7 Affected: 16.12.9 Affected: 16.12.10 Affected: 16.12.10a Affected: 16.12.11 Affected: 16.12.12 Affected: 3.11.0E Affected: 3.11.1E Affected: 3.11.2E Affected: 3.11.3E Affected: 3.11.1aE Affected: 3.11.4E Affected: 3.11.3aE Affected: 3.11.5E Affected: 3.11.6E Affected: 3.11.7E Affected: 3.11.8E Affected: 3.11.9E Affected: 3.11.10E Affected: 3.11.11E Affected: 17.1.1 Affected: 17.1.1a Affected: 17.1.1s Affected: 17.1.1t Affected: 17.1.3 Affected: 17.2.1 Affected: 17.2.1r Affected: 17.2.1a Affected: 17.2.1v Affected: 17.2.2 Affected: 17.2.3 Affected: 17.3.1 Affected: 17.3.2 Affected: 17.3.3 Affected: 17.3.1a Affected: 17.3.1w Affected: 17.3.2a Affected: 17.3.1x Affected: 17.3.1z Affected: 17.3.4 Affected: 17.3.5 Affected: 17.3.4a Affected: 17.3.6 Affected: 17.3.4b Affected: 17.3.4c Affected: 17.3.5a Affected: 17.3.5b Affected: 17.3.7 Affected: 17.3.8 Affected: 17.3.8a Affected: 17.4.1 Affected: 17.4.2 Affected: 17.4.1a Affected: 17.4.1b Affected: 17.4.2a Affected: 17.5.1 Affected: 17.5.1a Affected: 17.6.1 Affected: 17.6.2 Affected: 17.6.1w Affected: 17.6.1a Affected: 17.6.1x Affected: 17.6.3 Affected: 17.6.1y Affected: 17.6.1z Affected: 17.6.3a Affected: 17.6.4 Affected: 17.6.1z1 Affected: 17.6.5 Affected: 17.6.6 Affected: 17.6.6a Affected: 17.6.5a Affected: 17.6.7 Affected: 17.6.8 Affected: 17.6.8a Affected: 17.7.1 Affected: 17.7.1a Affected: 17.7.1b Affected: 17.7.2 Affected: 17.10.1 Affected: 17.10.1a Affected: 17.10.1b Affected: 17.8.1 Affected: 17.8.1a Affected: 17.9.1 Affected: 17.9.1w Affected: 17.9.2 Affected: 17.9.1a Affected: 17.9.1x Affected: 17.9.1y Affected: 17.9.3 Affected: 17.9.2a Affected: 17.9.1x1 Affected: 17.9.3a Affected: 17.9.4 Affected: 17.9.1y1 Affected: 17.9.5 Affected: 17.9.4a Affected: 17.9.5a Affected: 17.9.5b Affected: 17.9.6 Affected: 17.9.6a Affected: 17.9.5e Affected: 17.9.5f Affected: 17.9.7b Affected: 17.11.1 Affected: 17.11.1a Affected: 17.12.1 Affected: 17.12.1w Affected: 17.12.1a Affected: 17.12.1x Affected: 17.12.2 Affected: 17.12.3 Affected: 17.12.2a Affected: 17.12.1y Affected: 17.12.1z Affected: 17.12.4 Affected: 17.12.3a Affected: 17.12.1z1 Affected: 17.12.1z2 Affected: 17.12.4a Affected: 17.12.4b Affected: 17.12.1z3 Affected: 17.12.5c Affected: 17.13.1 Affected: 17.13.1a Affected: 17.14.1 Affected: 17.14.1a Affected: 17.11.99SW Affected: 17.15.1 Affected: 17.15.1w Affected: 17.15.1a Affected: 17.15.2 Affected: 17.15.1b Affected: 17.15.1x Affected: 17.15.1z Affected: 17.15.2c Affected: 17.15.2a Affected: 17.15.2b |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T17:31:31.232705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:32:27.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "15.2(1)S"
},
{
"status": "affected",
"version": "15.2(2)S"
},
{
"status": "affected",
"version": "15.2(1)S1"
},
{
"status": "affected",
"version": "15.2(4)S"
},
{
"status": "affected",
"version": "15.2(1)S2"
},
{
"status": "affected",
"version": "15.2(2)S1"
},
{
"status": "affected",
"version": "15.2(2)S2"
},
{
"status": "affected",
"version": "15.2(2)S0a"
},
{
"status": "affected",
"version": "15.2(2)S0c"
},
{
"status": "affected",
"version": "15.2(4)S1"
},
{
"status": "affected",
"version": "15.2(4)S4"
},
{
"status": "affected",
"version": "15.2(4)S6"
},
{
"status": "affected",
"version": "15.2(4)S2"
},
{
"status": "affected",
"version": "15.2(4)S5"
},
{
"status": "affected",
"version": "15.2(4)S3"
},
{
"status": "affected",
"version": "15.2(4)S3a"
},
{
"status": "affected",
"version": "15.2(4)S4a"
},
{
"status": "affected",
"version": "15.2(4)S7"
},
{
"status": "affected",
"version": "15.3(1)T"
},
{
"status": "affected",
"version": "15.3(2)T"
},
{
"status": "affected",
"version": "15.3(1)T1"
},
{
"status": "affected",
"version": "15.3(1)T2"
},
{
"status": "affected",
"version": "15.3(1)T3"
},
{
"status": "affected",
"version": "15.3(1)T4"
},
{
"status": "affected",
"version": "15.3(2)T1"
},
{
"status": "affected",
"version": "15.3(2)T2"
},
{
"status": "affected",
"version": "15.3(2)T3"
},
{
"status": "affected",
"version": "15.3(2)T4"
},
{
"status": "affected",
"version": "15.0(2)EY"
},
{
"status": "affected",
"version": "15.0(2)EY1"
},
{
"status": "affected",
"version": "15.0(2)EY2"
},
{
"status": "affected",
"version": "15.0(2)EY3"
},
{
"status": "affected",
"version": "15.1(2)S"
},
{
"status": "affected",
"version": "15.1(3)S"
},
{
"status": "affected",
"version": "15.1(2)S1"
},
{
"status": "affected",
"version": "15.1(2)S2"
},
{
"status": "affected",
"version": "15.1(3)S1"
},
{
"status": "affected",
"version": "15.1(3)S0a"
},
{
"status": "affected",
"version": "15.1(3)S2"
},
{
"status": "affected",
"version": "15.1(3)S4"
},
{
"status": "affected",
"version": "15.1(3)S3"
},
{
"status": "affected",
"version": "15.1(3)S5"
},
{
"status": "affected",
"version": "15.1(3)S6"
},
{
"status": "affected",
"version": "15.1(3)S5a"
},
{
"status": "affected",
"version": "15.1(4)M3"
},
{
"status": "affected",
"version": "15.1(4)M"
},
{
"status": "affected",
"version": "15.1(4)M1"
},
{
"status": "affected",
"version": "15.1(4)M2"
},
{
"status": "affected",
"version": "15.1(4)M6"
},
{
"status": "affected",
"version": "15.1(4)M5"
},
{
"status": "affected",
"version": "15.1(4)M4"
},
{
"status": "affected",
"version": "15.1(4)M7"
},
{
"status": "affected",
"version": "15.1(4)M3a"
},
{
"status": "affected",
"version": "15.1(4)M10"
},
{
"status": "affected",
"version": "15.1(4)M8"
},
{
"status": "affected",
"version": "15.1(4)M9"
},
{
"status": "affected",
"version": "15.0(2)SE"
},
{
"status": "affected",
"version": "15.0(2)SE1"
},
{
"status": "affected",
"version": "15.0(2)SE2"
},
{
"status": "affected",
"version": "15.0(2)SE3"
},
{
"status": "affected",
"version": "15.0(2)SE4"
},
{
"status": "affected",
"version": "15.0(2)SE5"
},
{
"status": "affected",
"version": "15.0(2)SE6"
},
{
"status": "affected",
"version": "15.0(2)SE7"
},
{
"status": "affected",
"version": "15.0(2)SE8"
},
{
"status": "affected",
"version": "15.0(2)SE9"
},
{
"status": "affected",
"version": "15.0(2)SE10"
},
{
"status": "affected",
"version": "15.0(2)SE11"
},
{
"status": "affected",
"version": "15.0(2)SE10a"
},
{
"status": "affected",
"version": "15.0(2)SE12"
},
{
"status": "affected",
"version": "15.0(2)SE13"
},
{
"status": "affected",
"version": "15.1(4)GC"
},
{
"status": "affected",
"version": "15.1(4)GC1"
},
{
"status": "affected",
"version": "15.1(4)GC2"
},
{
"status": "affected",
"version": "15.1(1)SG"
},
{
"status": "affected",
"version": "15.1(2)SG"
},
{
"status": "affected",
"version": "15.1(1)SG1"
},
{
"status": "affected",
"version": "15.1(1)SG2"
},
{
"status": "affected",
"version": "15.1(2)SG1"
},
{
"status": "affected",
"version": "15.1(2)SG2"
},
{
"status": "affected",
"version": "15.1(2)SG3"
},
{
"status": "affected",
"version": "15.1(2)SG4"
},
{
"status": "affected",
"version": "15.1(2)SG5"
},
{
"status": "affected",
"version": "15.1(2)SG6"
},
{
"status": "affected",
"version": "15.1(2)SG7"
},
{
"status": "affected",
"version": "15.1(2)SG8"
},
{
"status": "affected",
"version": "15.2(4)M"
},
{
"status": "affected",
"version": "15.2(4)M1"
},
{
"status": "affected",
"version": "15.2(4)M2"
},
{
"status": "affected",
"version": "15.2(4)M4"
},
{
"status": "affected",
"version": "15.2(4)M3"
},
{
"status": "affected",
"version": "15.2(4)M5"
},
{
"status": "affected",
"version": "15.2(4)M8"
},
{
"status": "affected",
"version": "15.2(4)M10"
},
{
"status": "affected",
"version": "15.2(4)M7"
},
{
"status": "affected",
"version": "15.2(4)M6"
},
{
"status": "affected",
"version": "15.2(4)M9"
},
{
"status": "affected",
"version": "15.2(4)M6a"
},
{
"status": "affected",
"version": "15.2(4)M11"
},
{
"status": "affected",
"version": "15.0(1)EX"
},
{
"status": "affected",
"version": "15.0(2)EX"
},
{
"status": "affected",
"version": "15.0(2)EX1"
},
{
"status": "affected",
"version": "15.0(2)EX2"
},
{
"status": "affected",
"version": "15.0(2)EX3"
},
{
"status": "affected",
"version": "15.0(2)EX4"
},
{
"status": "affected",
"version": "15.0(2)EX5"
},
{
"status": "affected",
"version": "15.0(2)EX8"
},
{
"status": "affected",
"version": "15.0(2a)EX5"
},
{
"status": "affected",
"version": "15.0(2)EX10"
},
{
"status": "affected",
"version": "15.0(2)EX11"
},
{
"status": "affected",
"version": "15.0(2)EX13"
},
{
"status": "affected",
"version": "15.0(2)EX12"
},
{
"status": "affected",
"version": "15.2(1)GC"
},
{
"status": "affected",
"version": "15.2(1)GC1"
},
{
"status": "affected",
"version": "15.2(1)GC2"
},
{
"status": "affected",
"version": "15.2(2)GC"
},
{
"status": "affected",
"version": "15.2(3)GC"
},
{
"status": "affected",
"version": "15.2(3)GC1"
},
{
"status": "affected",
"version": "15.2(4)GC"
},
{
"status": "affected",
"version": "15.2(4)GC1"
},
{
"status": "affected",
"version": "15.2(4)GC2"
},
{
"status": "affected",
"version": "15.2(4)GC3"
},
{
"status": "affected",
"version": "15.1(1)SY"
},
{
"status": "affected",
"version": "15.1(1)SY1"
},
{
"status": "affected",
"version": "15.1(2)SY"
},
{
"status": "affected",
"version": "15.1(2)SY1"
},
{
"status": "affected",
"version": "15.1(2)SY2"
},
{
"status": "affected",
"version": "15.1(1)SY2"
},
{
"status": "affected",
"version": "15.1(1)SY3"
},
{
"status": "affected",
"version": "15.1(2)SY3"
},
{
"status": "affected",
"version": "15.1(1)SY4"
},
{
"status": "affected",
"version": "15.1(2)SY4"
},
{
"status": "affected",
"version": "15.1(1)SY5"
},
{
"status": "affected",
"version": "15.1(2)SY5"
},
{
"status": "affected",
"version": "15.1(2)SY4a"
},
{
"status": "affected",
"version": "15.1(1)SY6"
},
{
"status": "affected",
"version": "15.1(2)SY6"
},
{
"status": "affected",
"version": "15.1(2)SY7"
},
{
"status": "affected",
"version": "15.1(2)SY8"
},
{
"status": "affected",
"version": "15.1(2)SY9"
},
{
"status": "affected",
"version": "15.1(2)SY10"
},
{
"status": "affected",
"version": "15.1(2)SY11"
},
{
"status": "affected",
"version": "15.1(2)SY12"
},
{
"status": "affected",
"version": "15.1(2)SY13"
},
{
"status": "affected",
"version": "15.1(2)SY14"
},
{
"status": "affected",
"version": "15.1(2)SY15"
},
{
"status": "affected",
"version": "15.1(2)SY16"
},
{
"status": "affected",
"version": "15.3(1)S"
},
{
"status": "affected",
"version": "15.3(2)S"
},
{
"status": "affected",
"version": "15.3(3)S"
},
{
"status": "affected",
"version": "15.3(1)S2"
},
{
"status": "affected",
"version": "15.3(1)S1"
},
{
"status": "affected",
"version": "15.3(2)S2"
},
{
"status": "affected",
"version": "15.3(2)S1"
},
{
"status": "affected",
"version": "15.3(3)S1"
},
{
"status": "affected",
"version": "15.3(3)S2"
},
{
"status": "affected",
"version": "15.3(3)S3"
},
{
"status": "affected",
"version": "15.3(3)S6"
},
{
"status": "affected",
"version": "15.3(3)S4"
},
{
"status": "affected",
"version": "15.3(3)S1a"
},
{
"status": "affected",
"version": "15.3(3)S5"
},
{
"status": "affected",
"version": "15.3(3)S7"
},
{
"status": "affected",
"version": "15.3(3)S8"
},
{
"status": "affected",
"version": "15.3(3)S9"
},
{
"status": "affected",
"version": "15.3(3)S10"
},
{
"status": "affected",
"version": "15.3(3)S8a"
},
{
"status": "affected",
"version": "15.4(1)T"
},
{
"status": "affected",
"version": "15.4(2)T"
},
{
"status": "affected",
"version": "15.4(1)T2"
},
{
"status": "affected",
"version": "15.4(1)T1"
},
{
"status": "affected",
"version": "15.4(1)T3"
},
{
"status": "affected",
"version": "15.4(2)T1"
},
{
"status": "affected",
"version": "15.4(2)T3"
},
{
"status": "affected",
"version": "15.4(2)T2"
},
{
"status": "affected",
"version": "15.4(1)T4"
},
{
"status": "affected",
"version": "15.4(2)T4"
},
{
"status": "affected",
"version": "15.0(2)EA"
},
{
"status": "affected",
"version": "15.0(2)EA1"
},
{
"status": "affected",
"version": "15.2(1)E"
},
{
"status": "affected",
"version": "15.2(2)E"
},
{
"status": "affected",
"version": "15.2(1)E1"
},
{
"status": "affected",
"version": "15.2(3)E"
},
{
"status": "affected",
"version": "15.2(1)E2"
},
{
"status": "affected",
"version": "15.2(1)E3"
},
{
"status": "affected",
"version": "15.2(2)E1"
},
{
"status": "affected",
"version": "15.2(4)E"
},
{
"status": "affected",
"version": "15.2(3)E1"
},
{
"status": "affected",
"version": "15.2(2)E2"
},
{
"status": "affected",
"version": "15.2(2a)E1"
},
{
"status": "affected",
"version": "15.2(2)E3"
},
{
"status": "affected",
"version": "15.2(2a)E2"
},
{
"status": "affected",
"version": "15.2(3)E2"
},
{
"status": "affected",
"version": "15.2(3a)E"
},
{
"status": "affected",
"version": "15.2(3)E3"
},
{
"status": "affected",
"version": "15.2(4)E1"
},
{
"status": "affected",
"version": "15.2(2)E4"
},
{
"status": "affected",
"version": "15.2(2)E5"
},
{
"status": "affected",
"version": "15.2(4)E2"
},
{
"status": "affected",
"version": "15.2(3)E4"
},
{
"status": "affected",
"version": "15.2(5)E"
},
{
"status": "affected",
"version": "15.2(4)E3"
},
{
"status": "affected",
"version": "15.2(2)E6"
},
{
"status": "affected",
"version": "15.2(5a)E"
},
{
"status": "affected",
"version": "15.2(5)E1"
},
{
"status": "affected",
"version": "15.2(5b)E"
},
{
"status": "affected",
"version": "15.2(2)E5a"
},
{
"status": "affected",
"version": "15.2(5c)E"
},
{
"status": "affected",
"version": "15.2(2)E5b"
},
{
"status": "affected",
"version": "15.2(5a)E1"
},
{
"status": "affected",
"version": "15.2(4)E4"
},
{
"status": "affected",
"version": "15.2(2)E7"
},
{
"status": "affected",
"version": "15.2(5)E2"
},
{
"status": "affected",
"version": "15.2(6)E"
},
{
"status": "affected",
"version": "15.2(4)E5"
},
{
"status": "affected",
"version": "15.2(5)E2c"
},
{
"status": "affected",
"version": "15.2(2)E8"
},
{
"status": "affected",
"version": "15.2(6)E0a"
},
{
"status": "affected",
"version": "15.2(6)E1"
},
{
"status": "affected",
"version": "15.2(6)E0c"
},
{
"status": "affected",
"version": "15.2(4)E6"
},
{
"status": "affected",
"version": "15.2(6)E2"
},
{
"status": "affected",
"version": "15.2(2)E9"
},
{
"status": "affected",
"version": "15.2(4)E7"
},
{
"status": "affected",
"version": "15.2(7)E"
},
{
"status": "affected",
"version": "15.2(2)E10"
},
{
"status": "affected",
"version": "15.2(4)E8"
},
{
"status": "affected",
"version": "15.2(6)E2a"
},
{
"status": "affected",
"version": "15.2(6)E2b"
},
{
"status": "affected",
"version": "15.2(7)E1"
},
{
"status": "affected",
"version": "15.2(7)E0a"
},
{
"status": "affected",
"version": "15.2(7)E0b"
},
{
"status": "affected",
"version": "15.2(7)E0s"
},
{
"status": "affected",
"version": "15.2(6)E3"
},
{
"status": "affected",
"version": "15.2(4)E9"
},
{
"status": "affected",
"version": "15.2(7)E2"
},
{
"status": "affected",
"version": "15.2(7a)E0b"
},
{
"status": "affected",
"version": "15.2(4)E10"
},
{
"status": "affected",
"version": "15.2(7)E3"
},
{
"status": "affected",
"version": "15.2(7)E1a"
},
{
"status": "affected",
"version": "15.2(7b)E0b"
},
{
"status": "affected",
"version": "15.2(7)E2a"
},
{
"status": "affected",
"version": "15.2(4)E10a"
},
{
"status": "affected",
"version": "15.2(7)E4"
},
{
"status": "affected",
"version": "15.2(7)E3k"
},
{
"status": "affected",
"version": "15.2(8)E"
},
{
"status": "affected",
"version": "15.2(8)E1"
},
{
"status": "affected",
"version": "15.2(7)E5"
},
{
"status": "affected",
"version": "15.2(7)E6"
},
{
"status": "affected",
"version": "15.2(8)E2"
},
{
"status": "affected",
"version": "15.2(4)E10d"
},
{
"status": "affected",
"version": "15.2(7)E7"
},
{
"status": "affected",
"version": "15.2(8)E3"
},
{
"status": "affected",
"version": "15.2(7)E8"
},
{
"status": "affected",
"version": "15.2(8)E4"
},
{
"status": "affected",
"version": "15.2(7)E9"
},
{
"status": "affected",
"version": "15.2(8)E5"
},
{
"status": "affected",
"version": "15.2(8)E6"
},
{
"status": "affected",
"version": "15.2(7)E10"
},
{
"status": "affected",
"version": "15.2(7)E11"
},
{
"status": "affected",
"version": "15.2(8)E7"
},
{
"status": "affected",
"version": "15.1(3)MRA"
},
{
"status": "affected",
"version": "15.1(3)MRA1"
},
{
"status": "affected",
"version": "15.1(3)MRA2"
},
{
"status": "affected",
"version": "15.1(3)MRA3"
},
{
"status": "affected",
"version": "15.1(3)MRA4"
},
{
"status": "affected",
"version": "15.1(3)SVB1"
},
{
"status": "affected",
"version": "15.1(3)SVB2"
},
{
"status": "affected",
"version": "15.2(2)JB"
},
{
"status": "affected",
"version": "15.2(2)JB2"
},
{
"status": "affected",
"version": "15.2(4)JB"
},
{
"status": "affected",
"version": "15.2(2)JB3"
},
{
"status": "affected",
"version": "15.2(4)JB1"
},
{
"status": "affected",
"version": "15.2(4)JB2"
},
{
"status": "affected",
"version": "15.2(4)JB3"
},
{
"status": "affected",
"version": "15.2(4)JB3a"
},
{
"status": "affected",
"version": "15.2(2)JB4"
},
{
"status": "affected",
"version": "15.2(4)JB4"
},
{
"status": "affected",
"version": "15.2(4)JB3h"
},
{
"status": "affected",
"version": "15.2(4)JB3b"
},
{
"status": "affected",
"version": "15.2(4)JB3s"
},
{
"status": "affected",
"version": "15.2(4)JB5h"
},
{
"status": "affected",
"version": "15.2(4)JB5"
},
{
"status": "affected",
"version": "15.2(4)JB5m"
},
{
"status": "affected",
"version": "15.2(4)JB6"
},
{
"status": "affected",
"version": "15.2(2)JB5"
},
{
"status": "affected",
"version": "15.2(2)JB6"
},
{
"status": "affected",
"version": "15.4(1)S"
},
{
"status": "affected",
"version": "15.4(2)S"
},
{
"status": "affected",
"version": "15.4(3)S"
},
{
"status": "affected",
"version": "15.4(1)S1"
},
{
"status": "affected",
"version": "15.4(1)S2"
},
{
"status": "affected",
"version": "15.4(2)S1"
},
{
"status": "affected",
"version": "15.4(1)S3"
},
{
"status": "affected",
"version": "15.4(3)S1"
},
{
"status": "affected",
"version": "15.4(2)S2"
},
{
"status": "affected",
"version": "15.4(3)S2"
},
{
"status": "affected",
"version": "15.4(3)S3"
},
{
"status": "affected",
"version": "15.4(1)S4"
},
{
"status": "affected",
"version": "15.4(2)S3"
},
{
"status": "affected",
"version": "15.4(2)S4"
},
{
"status": "affected",
"version": "15.4(3)S4"
},
{
"status": "affected",
"version": "15.4(3)S5"
},
{
"status": "affected",
"version": "15.4(3)S6"
},
{
"status": "affected",
"version": "15.4(3)S7"
},
{
"status": "affected",
"version": "15.4(3)S6a"
},
{
"status": "affected",
"version": "15.4(3)S8"
},
{
"status": "affected",
"version": "15.4(3)S9"
},
{
"status": "affected",
"version": "15.4(3)S10"
},
{
"status": "affected",
"version": "15.2(2)JAX"
},
{
"status": "affected",
"version": "15.3(3)M"
},
{
"status": "affected",
"version": "15.3(3)M1"
},
{
"status": "affected",
"version": "15.3(3)M2"
},
{
"status": "affected",
"version": "15.3(3)M3"
},
{
"status": "affected",
"version": "15.3(3)M5"
},
{
"status": "affected",
"version": "15.3(3)M4"
},
{
"status": "affected",
"version": "15.3(3)M6"
},
{
"status": "affected",
"version": "15.3(3)M7"
},
{
"status": "affected",
"version": "15.3(3)M8"
},
{
"status": "affected",
"version": "15.3(3)M9"
},
{
"status": "affected",
"version": "15.3(3)M10"
},
{
"status": "affected",
"version": "15.3(3)M8a"
},
{
"status": "affected",
"version": "15.2(4)JN"
},
{
"status": "affected",
"version": "15.0(2)EZ"
},
{
"status": "affected",
"version": "15.1(3)SVD"
},
{
"status": "affected",
"version": "15.1(3)SVD1"
},
{
"status": "affected",
"version": "15.1(3)SVD2"
},
{
"status": "affected",
"version": "15.2(1)EY"
},
{
"status": "affected",
"version": "15.0(2)EJ"
},
{
"status": "affected",
"version": "15.0(2)EJ1"
},
{
"status": "affected",
"version": "15.2(1)SY"
},
{
"status": "affected",
"version": "15.2(1)SY1"
},
{
"status": "affected",
"version": "15.2(1)SY0a"
},
{
"status": "affected",
"version": "15.2(1)SY2"
},
{
"status": "affected",
"version": "15.2(2)SY"
},
{
"status": "affected",
"version": "15.2(1)SY1a"
},
{
"status": "affected",
"version": "15.2(2)SY1"
},
{
"status": "affected",
"version": "15.2(2)SY2"
},
{
"status": "affected",
"version": "15.2(1)SY3"
},
{
"status": "affected",
"version": "15.2(1)SY4"
},
{
"status": "affected",
"version": "15.2(2)SY3"
},
{
"status": "affected",
"version": "15.2(1)SY5"
},
{
"status": "affected",
"version": "15.2(1)SY6"
},
{
"status": "affected",
"version": "15.2(1)SY7"
},
{
"status": "affected",
"version": "15.2(1)SY8"
},
{
"status": "affected",
"version": "15.2(5)EX"
},
{
"status": "affected",
"version": "15.1(3)SVF"
},
{
"status": "affected",
"version": "15.1(3)SVF1"
},
{
"status": "affected",
"version": "15.1(3)SVE"
},
{
"status": "affected",
"version": "15.0(2)EK"
},
{
"status": "affected",
"version": "15.0(2)EK1"
},
{
"status": "affected",
"version": "15.4(1)CG"
},
{
"status": "affected",
"version": "15.4(1)CG1"
},
{
"status": "affected",
"version": "15.4(2)CG"
},
{
"status": "affected",
"version": "15.5(1)S"
},
{
"status": "affected",
"version": "15.5(2)S"
},
{
"status": "affected",
"version": "15.5(1)S1"
},
{
"status": "affected",
"version": "15.5(3)S"
},
{
"status": "affected",
"version": "15.5(1)S2"
},
{
"status": "affected",
"version": "15.5(1)S3"
},
{
"status": "affected",
"version": "15.5(2)S1"
},
{
"status": "affected",
"version": "15.5(2)S2"
},
{
"status": "affected",
"version": "15.5(3)S1"
},
{
"status": "affected",
"version": "15.5(3)S1a"
},
{
"status": "affected",
"version": "15.5(2)S3"
},
{
"status": "affected",
"version": "15.5(3)S2"
},
{
"status": "affected",
"version": "15.5(3)S0a"
},
{
"status": "affected",
"version": "15.5(3)S3"
},
{
"status": "affected",
"version": "15.5(1)S4"
},
{
"status": "affected",
"version": "15.5(2)S4"
},
{
"status": "affected",
"version": "15.5(3)S4"
},
{
"status": "affected",
"version": "15.5(3)S5"
},
{
"status": "affected",
"version": "15.5(3)S6"
},
{
"status": "affected",
"version": "15.5(3)S6a"
},
{
"status": "affected",
"version": "15.5(3)S7"
},
{
"status": "affected",
"version": "15.5(3)S6b"
},
{
"status": "affected",
"version": "15.5(3)S8"
},
{
"status": "affected",
"version": "15.5(3)S9"
},
{
"status": "affected",
"version": "15.5(3)S10"
},
{
"status": "affected",
"version": "15.5(3)S9a"
},
{
"status": "affected",
"version": "15.1(3)SVG"
},
{
"status": "affected",
"version": "15.2(2)EB"
},
{
"status": "affected",
"version": "15.2(2)EB1"
},
{
"status": "affected",
"version": "15.2(2)EB2"
},
{
"status": "affected",
"version": "15.2(6)EB"
},
{
"status": "affected",
"version": "15.5(1)T"
},
{
"status": "affected",
"version": "15.5(1)T1"
},
{
"status": "affected",
"version": "15.5(2)T"
},
{
"status": "affected",
"version": "15.5(1)T2"
},
{
"status": "affected",
"version": "15.5(1)T3"
},
{
"status": "affected",
"version": "15.5(2)T1"
},
{
"status": "affected",
"version": "15.5(2)T2"
},
{
"status": "affected",
"version": "15.5(2)T3"
},
{
"status": "affected",
"version": "15.5(2)T4"
},
{
"status": "affected",
"version": "15.5(1)T4"
},
{
"status": "affected",
"version": "15.2(2)EA"
},
{
"status": "affected",
"version": "15.2(2)EA1"
},
{
"status": "affected",
"version": "15.2(2)EA2"
},
{
"status": "affected",
"version": "15.2(3)EA"
},
{
"status": "affected",
"version": "15.2(4)EA"
},
{
"status": "affected",
"version": "15.2(4)EA1"
},
{
"status": "affected",
"version": "15.2(2)EA3"
},
{
"status": "affected",
"version": "15.2(4)EA3"
},
{
"status": "affected",
"version": "15.2(5)EA"
},
{
"status": "affected",
"version": "15.2(4)EA4"
},
{
"status": "affected",
"version": "15.2(4)EA5"
},
{
"status": "affected",
"version": "15.2(4)EA6"
},
{
"status": "affected",
"version": "15.2(4)EA7"
},
{
"status": "affected",
"version": "15.2(4)EA8"
},
{
"status": "affected",
"version": "15.2(4)EA9"
},
{
"status": "affected",
"version": "15.2(4)EA9a"
},
{
"status": "affected",
"version": "15.3(3)JN3"
},
{
"status": "affected",
"version": "15.3(3)JN4"
},
{
"status": "affected",
"version": "15.3(3)JN7"
},
{
"status": "affected",
"version": "15.3(3)JN8"
},
{
"status": "affected",
"version": "15.3(3)JN9"
},
{
"status": "affected",
"version": "15.5(3)M"
},
{
"status": "affected",
"version": "15.5(3)M1"
},
{
"status": "affected",
"version": "15.5(3)M0a"
},
{
"status": "affected",
"version": "15.5(3)M2"
},
{
"status": "affected",
"version": "15.5(3)M3"
},
{
"status": "affected",
"version": "15.5(3)M4"
},
{
"status": "affected",
"version": "15.5(3)M4a"
},
{
"status": "affected",
"version": "15.5(3)M5"
},
{
"status": "affected",
"version": "15.5(3)M6"
},
{
"status": "affected",
"version": "15.5(3)M7"
},
{
"status": "affected",
"version": "15.5(3)M6a"
},
{
"status": "affected",
"version": "15.5(3)M8"
},
{
"status": "affected",
"version": "15.5(3)M9"
},
{
"status": "affected",
"version": "15.5(3)M10"
},
{
"status": "affected",
"version": "15.3(3)JA"
},
{
"status": "affected",
"version": "15.3(3)JA1m"
},
{
"status": "affected",
"version": "15.3(3)JA1"
},
{
"status": "affected",
"version": "15.3(3)JA4"
},
{
"status": "affected",
"version": "15.3(3)JA5"
},
{
"status": "affected",
"version": "15.3(3)JA6"
},
{
"status": "affected",
"version": "15.3(3)JA7"
},
{
"status": "affected",
"version": "15.3(3)JA8"
},
{
"status": "affected",
"version": "15.3(3)JA10"
},
{
"status": "affected",
"version": "15.3(3)JA11"
},
{
"status": "affected",
"version": "15.3(3)JA12"
},
{
"status": "affected",
"version": "15.3(3)JAA"
},
{
"status": "affected",
"version": "15.3(3)JAA11"
},
{
"status": "affected",
"version": "15.3(3)JAA12"
},
{
"status": "affected",
"version": "15.3(3)JAB"
},
{
"status": "affected",
"version": "15.3(3)JB"
},
{
"status": "affected",
"version": "15.5(3)SN"
},
{
"status": "affected",
"version": "15.6(1)S"
},
{
"status": "affected",
"version": "15.6(2)S"
},
{
"status": "affected",
"version": "15.6(2)S1"
},
{
"status": "affected",
"version": "15.6(1)S1"
},
{
"status": "affected",
"version": "15.6(1)S2"
},
{
"status": "affected",
"version": "15.6(2)S2"
},
{
"status": "affected",
"version": "15.6(1)S3"
},
{
"status": "affected",
"version": "15.6(2)S3"
},
{
"status": "affected",
"version": "15.6(1)S4"
},
{
"status": "affected",
"version": "15.6(2)S4"
},
{
"status": "affected",
"version": "15.6(1)T"
},
{
"status": "affected",
"version": "15.6(2)T"
},
{
"status": "affected",
"version": "15.6(1)T0a"
},
{
"status": "affected",
"version": "15.6(1)T1"
},
{
"status": "affected",
"version": "15.6(2)T1"
},
{
"status": "affected",
"version": "15.6(1)T2"
},
{
"status": "affected",
"version": "15.6(2)T2"
},
{
"status": "affected",
"version": "15.6(1)T3"
},
{
"status": "affected",
"version": "15.6(2)T3"
},
{
"status": "affected",
"version": "15.3(3)JNB"
},
{
"status": "affected",
"version": "15.3(3)JNB1"
},
{
"status": "affected",
"version": "15.3(3)JNB2"
},
{
"status": "affected",
"version": "15.3(3)JNB3"
},
{
"status": "affected",
"version": "15.3(3)JNB4"
},
{
"status": "affected",
"version": "15.3(3)JNB6"
},
{
"status": "affected",
"version": "15.3(3)JNB5"
},
{
"status": "affected",
"version": "15.3(3)JAX"
},
{
"status": "affected",
"version": "15.3(3)JAX1"
},
{
"status": "affected",
"version": "15.3(3)JAX2"
},
{
"status": "affected",
"version": "15.3(3)JBB"
},
{
"status": "affected",
"version": "15.3(3)JBB1"
},
{
"status": "affected",
"version": "15.3(3)JBB2"
},
{
"status": "affected",
"version": "15.3(3)JBB4"
},
{
"status": "affected",
"version": "15.3(3)JBB5"
},
{
"status": "affected",
"version": "15.3(3)JBB6"
},
{
"status": "affected",
"version": "15.3(3)JBB8"
},
{
"status": "affected",
"version": "15.3(3)JBB6a"
},
{
"status": "affected",
"version": "15.3(3)JC"
},
{
"status": "affected",
"version": "15.3(3)JC1"
},
{
"status": "affected",
"version": "15.3(3)JC2"
},
{
"status": "affected",
"version": "15.3(3)JC3"
},
{
"status": "affected",
"version": "15.3(3)JC4"
},
{
"status": "affected",
"version": "15.3(3)JC5"
},
{
"status": "affected",
"version": "15.3(3)JC6"
},
{
"status": "affected",
"version": "15.3(3)JC8"
},
{
"status": "affected",
"version": "15.3(3)JC9"
},
{
"status": "affected",
"version": "15.3(3)JC14"
},
{
"status": "affected",
"version": "15.3(1)SY"
},
{
"status": "affected",
"version": "15.3(1)SY1"
},
{
"status": "affected",
"version": "15.3(1)SY2"
},
{
"status": "affected",
"version": "15.3(3)JNC"
},
{
"status": "affected",
"version": "15.3(3)JNC1"
},
{
"status": "affected",
"version": "15.3(3)JNC2"
},
{
"status": "affected",
"version": "15.3(3)JNC3"
},
{
"status": "affected",
"version": "15.3(3)JNC4"
},
{
"status": "affected",
"version": "15.3(3)JNP"
},
{
"status": "affected",
"version": "15.3(3)JNP1"
},
{
"status": "affected",
"version": "15.3(3)JNP3"
},
{
"status": "affected",
"version": "15.6(2)SP"
},
{
"status": "affected",
"version": "15.6(2)SP1"
},
{
"status": "affected",
"version": "15.6(2)SP2"
},
{
"status": "affected",
"version": "15.6(2)SP3"
},
{
"status": "affected",
"version": "15.6(2)SP4"
},
{
"status": "affected",
"version": "15.6(2)SP5"
},
{
"status": "affected",
"version": "15.6(2)SP6"
},
{
"status": "affected",
"version": "15.6(2)SP7"
},
{
"status": "affected",
"version": "15.6(2)SP8"
},
{
"status": "affected",
"version": "15.6(2)SP9"
},
{
"status": "affected",
"version": "15.6(2)SN"
},
{
"status": "affected",
"version": "15.3(3)JPB"
},
{
"status": "affected",
"version": "15.3(3)JPB1"
},
{
"status": "affected",
"version": "15.3(3)JD"
},
{
"status": "affected",
"version": "15.3(3)JD2"
},
{
"status": "affected",
"version": "15.3(3)JD3"
},
{
"status": "affected",
"version": "15.3(3)JD4"
},
{
"status": "affected",
"version": "15.3(3)JD5"
},
{
"status": "affected",
"version": "15.3(3)JD6"
},
{
"status": "affected",
"version": "15.3(3)JD7"
},
{
"status": "affected",
"version": "15.3(3)JD8"
},
{
"status": "affected",
"version": "15.3(3)JD9"
},
{
"status": "affected",
"version": "15.3(3)JD11"
},
{
"status": "affected",
"version": "15.3(3)JD13"
},
{
"status": "affected",
"version": "15.3(3)JD14"
},
{
"status": "affected",
"version": "15.3(3)JD16"
},
{
"status": "affected",
"version": "15.3(3)JD17"
},
{
"status": "affected",
"version": "15.6(3)M"
},
{
"status": "affected",
"version": "15.6(3)M1"
},
{
"status": "affected",
"version": "15.6(3)M0a"
},
{
"status": "affected",
"version": "15.6(3)M1b"
},
{
"status": "affected",
"version": "15.6(3)M2"
},
{
"status": "affected",
"version": "15.6(3)M2a"
},
{
"status": "affected",
"version": "15.6(3)M3"
},
{
"status": "affected",
"version": "15.6(3)M3a"
},
{
"status": "affected",
"version": "15.6(3)M4"
},
{
"status": "affected",
"version": "15.6(3)M5"
},
{
"status": "affected",
"version": "15.6(3)M6"
},
{
"status": "affected",
"version": "15.6(3)M7"
},
{
"status": "affected",
"version": "15.6(3)M6a"
},
{
"status": "affected",
"version": "15.6(3)M6b"
},
{
"status": "affected",
"version": "15.6(3)M8"
},
{
"status": "affected",
"version": "15.6(3)M9"
},
{
"status": "affected",
"version": "15.1(3)SVJ2"
},
{
"status": "affected",
"version": "15.2(4)EC1"
},
{
"status": "affected",
"version": "15.2(4)EC2"
},
{
"status": "affected",
"version": "15.3(3)JPC"
},
{
"status": "affected",
"version": "15.3(3)JPC1"
},
{
"status": "affected",
"version": "15.3(3)JPC2"
},
{
"status": "affected",
"version": "15.3(3)JPC3"
},
{
"status": "affected",
"version": "15.3(3)JPC100"
},
{
"status": "affected",
"version": "15.3(3)JPC5"
},
{
"status": "affected",
"version": "15.3(3)JND"
},
{
"status": "affected",
"version": "15.3(3)JND1"
},
{
"status": "affected",
"version": "15.3(3)JND2"
},
{
"status": "affected",
"version": "15.3(3)JND3"
},
{
"status": "affected",
"version": "15.4(1)SY"
},
{
"status": "affected",
"version": "15.4(1)SY1"
},
{
"status": "affected",
"version": "15.4(1)SY2"
},
{
"status": "affected",
"version": "15.4(1)SY3"
},
{
"status": "affected",
"version": "15.4(1)SY4"
},
{
"status": "affected",
"version": "15.3(3)JE"
},
{
"status": "affected",
"version": "15.3(3)JPD"
},
{
"status": "affected",
"version": "15.3(3)JDA7"
},
{
"status": "affected",
"version": "15.3(3)JDA8"
},
{
"status": "affected",
"version": "15.3(3)JDA9"
},
{
"status": "affected",
"version": "15.3(3)JDA11"
},
{
"status": "affected",
"version": "15.3(3)JDA13"
},
{
"status": "affected",
"version": "15.3(3)JDA14"
},
{
"status": "affected",
"version": "15.3(3)JDA16"
},
{
"status": "affected",
"version": "15.3(3)JDA17"
},
{
"status": "affected",
"version": "15.5(1)SY"
},
{
"status": "affected",
"version": "15.5(1)SY1"
},
{
"status": "affected",
"version": "15.5(1)SY2"
},
{
"status": "affected",
"version": "15.5(1)SY3"
},
{
"status": "affected",
"version": "15.5(1)SY4"
},
{
"status": "affected",
"version": "15.5(1)SY5"
},
{
"status": "affected",
"version": "15.5(1)SY6"
},
{
"status": "affected",
"version": "15.5(1)SY7"
},
{
"status": "affected",
"version": "15.5(1)SY8"
},
{
"status": "affected",
"version": "15.5(1)SY9"
},
{
"status": "affected",
"version": "15.5(1)SY10"
},
{
"status": "affected",
"version": "15.5(1)SY11"
},
{
"status": "affected",
"version": "15.5(1)SY12"
},
{
"status": "affected",
"version": "15.5(1)SY13"
},
{
"status": "affected",
"version": "15.5(1)SY14"
},
{
"status": "affected",
"version": "15.3(3)JF"
},
{
"status": "affected",
"version": "15.3(3)JF1"
},
{
"status": "affected",
"version": "15.3(3)JF2"
},
{
"status": "affected",
"version": "15.3(3)JF4"
},
{
"status": "affected",
"version": "15.3(3)JF5"
},
{
"status": "affected",
"version": "15.3(3)JF6"
},
{
"status": "affected",
"version": "15.3(3)JF7"
},
{
"status": "affected",
"version": "15.3(3)JF8"
},
{
"status": "affected",
"version": "15.3(3)JF9"
},
{
"status": "affected",
"version": "15.3(3)JF10"
},
{
"status": "affected",
"version": "15.3(3)JF11"
},
{
"status": "affected",
"version": "15.3(3)JF12"
},
{
"status": "affected",
"version": "15.3(3)JF12i"
},
{
"status": "affected",
"version": "15.3(3)JF14"
},
{
"status": "affected",
"version": "15.3(3)JF14i"
},
{
"status": "affected",
"version": "15.3(3)JF15"
},
{
"status": "affected",
"version": "15.3(3)JCA7"
},
{
"status": "affected",
"version": "15.3(3)JCA8"
},
{
"status": "affected",
"version": "15.3(3)JCA9"
},
{
"status": "affected",
"version": "15.7(3)M"
},
{
"status": "affected",
"version": "15.7(3)M1"
},
{
"status": "affected",
"version": "15.7(3)M0a"
},
{
"status": "affected",
"version": "15.7(3)M3"
},
{
"status": "affected",
"version": "15.7(3)M2"
},
{
"status": "affected",
"version": "15.7(3)M4"
},
{
"status": "affected",
"version": "15.7(3)M5"
},
{
"status": "affected",
"version": "15.7(3)M4a"
},
{
"status": "affected",
"version": "15.7(3)M4b"
},
{
"status": "affected",
"version": "15.7(3)M6"
},
{
"status": "affected",
"version": "15.7(3)M7"
},
{
"status": "affected",
"version": "15.7(3)M8"
},
{
"status": "affected",
"version": "15.7(3)M9"
},
{
"status": "affected",
"version": "15.3(3)JG"
},
{
"status": "affected",
"version": "15.3(3)JG1"
},
{
"status": "affected",
"version": "15.3(3)JH"
},
{
"status": "affected",
"version": "15.3(3)JH1"
},
{
"status": "affected",
"version": "15.3(3)JI1"
},
{
"status": "affected",
"version": "15.3(3)JI3"
},
{
"status": "affected",
"version": "15.3(3)JI4"
},
{
"status": "affected",
"version": "15.3(3)JI5"
},
{
"status": "affected",
"version": "15.3(3)JI6"
},
{
"status": "affected",
"version": "15.8(3)M"
},
{
"status": "affected",
"version": "15.8(3)M1"
},
{
"status": "affected",
"version": "15.8(3)M0a"
},
{
"status": "affected",
"version": "15.8(3)M0b"
},
{
"status": "affected",
"version": "15.8(3)M2"
},
{
"status": "affected",
"version": "15.8(3)M1a"
},
{
"status": "affected",
"version": "15.8(3)M3"
},
{
"status": "affected",
"version": "15.8(3)M2a"
},
{
"status": "affected",
"version": "15.8(3)M4"
},
{
"status": "affected",
"version": "15.8(3)M3a"
},
{
"status": "affected",
"version": "15.8(3)M3b"
},
{
"status": "affected",
"version": "15.8(3)M5"
},
{
"status": "affected",
"version": "15.8(3)M6"
},
{
"status": "affected",
"version": "15.8(3)M7"
},
{
"status": "affected",
"version": "15.8(3)M8"
},
{
"status": "affected",
"version": "15.8(3)M9"
},
{
"status": "affected",
"version": "15.9(3)M"
},
{
"status": "affected",
"version": "15.9(3)M1"
},
{
"status": "affected",
"version": "15.9(3)M0a"
},
{
"status": "affected",
"version": "15.9(3)M2"
},
{
"status": "affected",
"version": "15.9(3)M3"
},
{
"status": "affected",
"version": "15.9(3)M2a"
},
{
"status": "affected",
"version": "15.9(3)M3a"
},
{
"status": "affected",
"version": "15.9(3)M4"
},
{
"status": "affected",
"version": "15.9(3)M3b"
},
{
"status": "affected",
"version": "15.9(3)M5"
},
{
"status": "affected",
"version": "15.9(3)M4a"
},
{
"status": "affected",
"version": "15.9(3)M6"
},
{
"status": "affected",
"version": "15.9(3)M7"
},
{
"status": "affected",
"version": "15.9(3)M6a"
},
{
"status": "affected",
"version": "15.9(3)M6b"
},
{
"status": "affected",
"version": "15.9(3)M8"
},
{
"status": "affected",
"version": "15.9(3)M7a"
},
{
"status": "affected",
"version": "15.9(3)M9"
},
{
"status": "affected",
"version": "15.9(3)M8b"
},
{
"status": "affected",
"version": "15.9(3)M10"
},
{
"status": "affected",
"version": "15.3(3)JK"
},
{
"status": "affected",
"version": "15.3(3)JK1"
},
{
"status": "affected",
"version": "15.3(3)JK2"
},
{
"status": "affected",
"version": "15.3(3)JK3"
},
{
"status": "affected",
"version": "15.3(3)JK2a"
},
{
"status": "affected",
"version": "15.3(3)JK1t"
},
{
"status": "affected",
"version": "15.3(3)JK4"
},
{
"status": "affected",
"version": "15.3(3)JK5"
},
{
"status": "affected",
"version": "15.3(3)JK6"
},
{
"status": "affected",
"version": "15.3(3)JK7"
},
{
"status": "affected",
"version": "15.3(3)JK8"
},
{
"status": "affected",
"version": "15.3(3)JK8a"
},
{
"status": "affected",
"version": "15.3(3)JK8b"
},
{
"status": "affected",
"version": "15.3(3)JK9"
},
{
"status": "affected",
"version": "15.3(3)JK10"
},
{
"status": "affected",
"version": "15.3(3)JK11"
},
{
"status": "affected",
"version": "15.3(3)JJ"
},
{
"status": "affected",
"version": "15.3(3)JJ1"
},
{
"status": "affected",
"version": "15.3(3)JPI1"
},
{
"status": "affected",
"version": "15.3(3)JPI4"
},
{
"status": "affected",
"version": "15.3(3)JPI1t"
},
{
"status": "affected",
"version": "15.3(3)JPI5"
},
{
"status": "affected",
"version": "15.3(3)JPI7"
},
{
"status": "affected",
"version": "15.3(3)JPI6a"
},
{
"status": "affected",
"version": "15.3(3)JPI8a"
},
{
"status": "affected",
"version": "15.3(3)JPI9"
},
{
"status": "affected",
"version": "15.3(3)JPI10"
},
{
"status": "affected",
"version": "15.3(3)JPJ2"
},
{
"status": "affected",
"version": "15.3(3)JPJ3"
},
{
"status": "affected",
"version": "15.3(3)JPJ2t"
},
{
"status": "affected",
"version": "15.3(3)JPJ3a"
},
{
"status": "affected",
"version": "15.3(3)JPJ4"
},
{
"status": "affected",
"version": "15.3(3)JPJ5"
},
{
"status": "affected",
"version": "15.3(3)JPJ6"
},
{
"status": "affected",
"version": "15.3(3)JPJ7"
},
{
"status": "affected",
"version": "15.3(3)JPJ7c"
},
{
"status": "affected",
"version": "15.3(3)JPJ8a"
},
{
"status": "affected",
"version": "15.3(3)JPJ9"
},
{
"status": "affected",
"version": "15.3(3)JPJ10"
},
{
"status": "affected",
"version": "15.3(3)JPJ11"
},
{
"status": "affected",
"version": "15.3(3)JPK"
},
{
"status": "affected",
"version": "15.3(3)JPK1"
},
{
"status": "affected",
"version": "15.3(3)JPK2"
},
{
"status": "affected",
"version": "15.3(3)JPK3"
},
{
"status": "affected",
"version": "15.3(3)JPK4"
},
{
"status": "affected",
"version": "15.3(3)JPK5"
},
{
"status": "affected",
"version": "15.3(3)JPK6"
},
{
"status": "affected",
"version": "15.3(3)JPK7"
},
{
"status": "affected",
"version": "15.3(3)JPK8"
},
{
"status": "affected",
"version": "15.3(3)JPK9"
},
{
"status": "affected",
"version": "15.3(3)JPL"
},
{
"status": "affected",
"version": "15.3(3)JPM"
},
{
"status": "affected",
"version": "15.3(3)JPN"
},
{
"status": "affected",
"version": "15.3(3)JPN1"
},
{
"status": "affected",
"version": "15.3(3)JPN2"
},
{
"status": "affected",
"version": "15.3(3)JPN3"
},
{
"status": "affected",
"version": "15.3(3)JPN4"
},
{
"status": "affected",
"version": "15.3(3)JPN5"
},
{
"status": "affected",
"version": "15.3(3)JPN6"
},
{
"status": "affected",
"version": "15.3(3)JPO"
},
{
"status": "affected",
"version": "15.3(3)JPP"
},
{
"status": "affected",
"version": "15.3(3)JPQ"
},
{
"status": "affected",
"version": "15.3(3)JPQ1"
},
{
"status": "affected",
"version": "15.3(3)JPQ2"
},
{
"status": "affected",
"version": "15.3(3)JPQ3"
},
{
"status": "affected",
"version": "15.3(3)JPQ5"
},
{
"status": "affected",
"version": "15.3(3)JPR"
},
{
"status": "affected",
"version": "15.3(3)JPS"
},
{
"status": "affected",
"version": "15.3(3)JPT"
},
{
"status": "affected",
"version": "15.3(3)JPT1"
},
{
"status": "affected",
"version": "15.3(3)JPT2"
},
{
"status": "affected",
"version": "15.3(3)JPU"
}
]
},
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.7.0S"
},
{
"status": "affected",
"version": "3.7.1S"
},
{
"status": "affected",
"version": "3.7.2S"
},
{
"status": "affected",
"version": "3.7.3S"
},
{
"status": "affected",
"version": "3.7.4S"
},
{
"status": "affected",
"version": "3.7.5S"
},
{
"status": "affected",
"version": "3.7.6S"
},
{
"status": "affected",
"version": "3.7.7S"
},
{
"status": "affected",
"version": "3.7.4aS"
},
{
"status": "affected",
"version": "3.7.2tS"
},
{
"status": "affected",
"version": "3.7.0bS"
},
{
"status": "affected",
"version": "3.7.1aS"
},
{
"status": "affected",
"version": "3.3.0SG"
},
{
"status": "affected",
"version": "3.3.2SG"
},
{
"status": "affected",
"version": "3.3.1SG"
},
{
"status": "affected",
"version": "3.8.0S"
},
{
"status": "affected",
"version": "3.8.1S"
},
{
"status": "affected",
"version": "3.8.2S"
},
{
"status": "affected",
"version": "3.9.1S"
},
{
"status": "affected",
"version": "3.9.0S"
},
{
"status": "affected",
"version": "3.9.2S"
},
{
"status": "affected",
"version": "3.9.1aS"
},
{
"status": "affected",
"version": "3.9.0aS"
},
{
"status": "affected",
"version": "3.2.0SE"
},
{
"status": "affected",
"version": "3.2.1SE"
},
{
"status": "affected",
"version": "3.2.2SE"
},
{
"status": "affected",
"version": "3.2.3SE"
},
{
"status": "affected",
"version": "3.3.0SE"
},
{
"status": "affected",
"version": "3.3.1SE"
},
{
"status": "affected",
"version": "3.3.2SE"
},
{
"status": "affected",
"version": "3.3.3SE"
},
{
"status": "affected",
"version": "3.3.4SE"
},
{
"status": "affected",
"version": "3.3.5SE"
},
{
"status": "affected",
"version": "3.4.0SG"
},
{
"status": "affected",
"version": "3.4.2SG"
},
{
"status": "affected",
"version": "3.4.1SG"
},
{
"status": "affected",
"version": "3.4.3SG"
},
{
"status": "affected",
"version": "3.4.4SG"
},
{
"status": "affected",
"version": "3.4.5SG"
},
{
"status": "affected",
"version": "3.4.6SG"
},
{
"status": "affected",
"version": "3.4.7SG"
},
{
"status": "affected",
"version": "3.4.8SG"
},
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.0aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.13.10S"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.16.8S"
},
{
"status": "affected",
"version": "3.16.9S"
},
{
"status": "affected",
"version": "3.16.10S"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.1.1"
},
{
"status": "affected",
"version": "16.1.2"
},
{
"status": "affected",
"version": "16.1.3"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "3.8.7E"
},
{
"status": "affected",
"version": "3.8.8E"
},
{
"status": "affected",
"version": "3.8.9E"
},
{
"status": "affected",
"version": "3.8.10E"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.5b"
},
{
"status": "affected",
"version": "16.3.6"
},
{
"status": "affected",
"version": "16.3.7"
},
{
"status": "affected",
"version": "16.3.8"
},
{
"status": "affected",
"version": "16.3.9"
},
{
"status": "affected",
"version": "16.3.10"
},
{
"status": "affected",
"version": "16.3.11"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "16.5.3"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "3.18.6SP"
},
{
"status": "affected",
"version": "3.18.7SP"
},
{
"status": "affected",
"version": "3.18.8aSP"
},
{
"status": "affected",
"version": "3.18.9SP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.5"
},
{
"status": "affected",
"version": "16.6.4a"
},
{
"status": "affected",
"version": "16.6.5a"
},
{
"status": "affected",
"version": "16.6.6"
},
{
"status": "affected",
"version": "16.6.7"
},
{
"status": "affected",
"version": "16.6.8"
},
{
"status": "affected",
"version": "16.6.9"
},
{
"status": "affected",
"version": "16.6.10"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.7.3"
},
{
"status": "affected",
"version": "16.7.4"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.8.1e"
},
{
"status": "affected",
"version": "16.8.3"
},
{
"status": "affected",
"version": "16.9.1"
},
{
"status": "affected",
"version": "16.9.2"
},
{
"status": "affected",
"version": "16.9.1a"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.3"
},
{
"status": "affected",
"version": "16.9.4"
},
{
"status": "affected",
"version": "16.9.3a"
},
{
"status": "affected",
"version": "16.9.5"
},
{
"status": "affected",
"version": "16.9.5f"
},
{
"status": "affected",
"version": "16.9.6"
},
{
"status": "affected",
"version": "16.9.7"
},
{
"status": "affected",
"version": "16.9.8"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "16.10.1a"
},
{
"status": "affected",
"version": "16.10.1b"
},
{
"status": "affected",
"version": "16.10.1s"
},
{
"status": "affected",
"version": "16.10.1c"
},
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1d"
},
{
"status": "affected",
"version": "16.10.2"
},
{
"status": "affected",
"version": "16.10.1f"
},
{
"status": "affected",
"version": "16.10.1g"
},
{
"status": "affected",
"version": "16.10.3"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.2E"
},
{
"status": "affected",
"version": "3.10.3E"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.11.2"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "16.12.1c"
},
{
"status": "affected",
"version": "16.12.1w"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "16.12.1y"
},
{
"status": "affected",
"version": "16.12.2a"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1x"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.3a"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.1z1"
},
{
"status": "affected",
"version": "16.12.5a"
},
{
"status": "affected",
"version": "16.12.5b"
},
{
"status": "affected",
"version": "16.12.1z2"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.9"
},
{
"status": "affected",
"version": "16.12.10"
},
{
"status": "affected",
"version": "16.12.10a"
},
{
"status": "affected",
"version": "16.12.11"
},
{
"status": "affected",
"version": "16.12.12"
},
{
"status": "affected",
"version": "3.11.0E"
},
{
"status": "affected",
"version": "3.11.1E"
},
{
"status": "affected",
"version": "3.11.2E"
},
{
"status": "affected",
"version": "3.11.3E"
},
{
"status": "affected",
"version": "3.11.1aE"
},
{
"status": "affected",
"version": "3.11.4E"
},
{
"status": "affected",
"version": "3.11.3aE"
},
{
"status": "affected",
"version": "3.11.5E"
},
{
"status": "affected",
"version": "3.11.6E"
},
{
"status": "affected",
"version": "3.11.7E"
},
{
"status": "affected",
"version": "3.11.8E"
},
{
"status": "affected",
"version": "3.11.9E"
},
{
"status": "affected",
"version": "3.11.10E"
},
{
"status": "affected",
"version": "3.11.11E"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1a"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.3.8"
},
{
"status": "affected",
"version": "17.3.8a"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.6.7"
},
{
"status": "affected",
"version": "17.6.8"
},
{
"status": "affected",
"version": "17.6.8a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.9.6"
},
{
"status": "affected",
"version": "17.9.6a"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.9.5f"
},
{
"status": "affected",
"version": "17.9.7b"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1w"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.1x"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.12.1y"
},
{
"status": "affected",
"version": "17.12.1z"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.12.1z1"
},
{
"status": "affected",
"version": "17.12.1z2"
},
{
"status": "affected",
"version": "17.12.4a"
},
{
"status": "affected",
"version": "17.12.4b"
},
{
"status": "affected",
"version": "17.12.1z3"
},
{
"status": "affected",
"version": "17.12.5c"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.14.1"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.11.99SW"
},
{
"status": "affected",
"version": "17.15.1"
},
{
"status": "affected",
"version": "17.15.1w"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.15.2"
},
{
"status": "affected",
"version": "17.15.1b"
},
{
"status": "affected",
"version": "17.15.1x"
},
{
"status": "affected",
"version": "17.15.1z"
},
{
"status": "affected",
"version": "17.15.2c"
},
{
"status": "affected",
"version": "17.15.2a"
},
{
"status": "affected",
"version": "17.15.2b"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:14:03.164Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ios-cli-EB7cZ6yO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-cli-EB7cZ6yO"
}
],
"source": {
"advisory": "cisco-sa-ios-cli-EB7cZ6yO",
"defects": [
"CSCwm86360"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20149",
"datePublished": "2025-09-24T17:14:03.164Z",
"dateReserved": "2024-10-10T19:15:13.215Z",
"dateUpdated": "2025-09-24T17:32:27.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2017 (GCVE-0-2025-2017)
Vulnerability from cvelistv5 – Published: 2025-03-11 20:42 – Updated: 2025-03-12 14:41
VLAI
Title
Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability
Summary
Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25240.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ashlar-Vellum | Cobalt |
Affected:
1204.91
|
Date Public
2025-03-10 22:01
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T14:25:53.219347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:41:31.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cobalt",
"vendor": "Ashlar-Vellum",
"versions": [
{
"status": "affected",
"version": "1204.91"
}
]
}
],
"dateAssigned": "2025-03-05T23:40:13.094Z",
"datePublic": "2025-03-10T22:01:25.485Z",
"descriptions": [
{
"lang": "en",
"value": "Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25240."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T20:42:51.738Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-121",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-121/"
}
],
"source": {
"lang": "en",
"value": "Rocco Calvi (@TecR0c) with TecSecurity"
},
"title": "Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-2017",
"datePublished": "2025-03-11T20:42:51.738Z",
"dateReserved": "2025-03-05T23:40:13.044Z",
"dateUpdated": "2025-03-12T14:41:31.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-3
Phase: Requirements
Strategy: Language Selection
Description:
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
- Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
Mitigation ID: MIT-4.1
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation ID: MIT-9
Phase: Implementation
Description:
- Consider adhering to the following rules when allocating and managing an application's memory:
- Double check that your buffer is as large as you specify.
- When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
- Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
- If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation ID: MIT-15
Phase: Architecture and Design
Description:
- For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation ID: MIT-12
Phase: Operation
Strategy: Environment Hardening
Description:
- Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
- For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation
Phases: Build and Compilation, Operation
Description:
- Most mitigating technologies at the compiler or OS level to date address only a subset of buffer overflow problems and rarely provide complete protection against even that subset. It is good practice to implement strategies to increase the workload of an attacker, such as leaving the attacker to guess an unknown value that changes every program execution.
Mitigation ID: MIT-13
Phase: Implementation
Description:
- Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
Mitigation ID: MIT-21
Phase: Architecture and Design
Strategy: Enforcement by Conversion
Description:
- When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation ID: MIT-22
Phases: Architecture and Design, Operation
Strategy: Sandbox or Jail
Description:
- Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.
- OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
CAPEC-10: Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
CAPEC-100: Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
CAPEC-14: Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.
CAPEC-24: Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
CAPEC-42: MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
CAPEC-44: Overflow Binary Resource File
An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the adversary access to the execution stack and execute arbitrary code in the target process.
CAPEC-45: Buffer Overflow via Symbolic Links
This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
CAPEC-46: Overflow Variables and Tags
This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The adversary crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
CAPEC-47: Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
CAPEC-67: String Format Overflow in syslog()
This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.
CAPEC-8: Buffer Overflow in an API Call
This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
CAPEC-9: Buffer Overflow in Local Command-Line Utilities
This attack targets command-line utilities available in a number of shells. An adversary can leverage a vulnerability found in a command-line utility to escalate privilege to root.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.