576 vulnerabilities found for ios_xr by cisco

FKIE_CVE-2025-20154

Vulnerability from fkie_nvd - Published: 2025-05-07 18:15 - Updated: 2025-07-31 16:44
Summary
A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled. This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows: Security Impact Rating (SIR): Low; CVSS Base Score: 3.7; CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. The 8.6 (High) base score in this record's cvssMetricV31 entry (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) therefore appears to describe the Cisco IOS and IOS XE device reload rather than the IOS XR impact.
Impacted products
Vendor Product Version
cisco ios *
cisco ios_xe *
cisco ios_xr 6.5.1
cisco ios_xr 6.5.2
cisco ios_xr 6.5.3
cisco ios_xr 6.5.15
cisco ios_xr 6.5.25
cisco ios_xr 6.5.26
cisco ios_xr 6.5.28
cisco ios_xr 6.5.29
cisco ios_xr 6.5.31
cisco ios_xr 6.5.32
cisco ios_xr 6.5.33
cisco ios_xr 6.5.35
cisco ios_xr 6.5.90
cisco ios_xr 6.5.92
cisco ios_xr 6.5.93
cisco ios_xr 6.6.1
cisco ios_xr 6.6.2
cisco ios_xr 6.6.3
cisco ios_xr 6.6.4
cisco ios_xr 6.6.11
cisco ios_xr 6.6.12
cisco ios_xr 6.6.25
cisco ios_xr 6.7.1
cisco ios_xr 6.7.2
cisco ios_xr 6.7.3
cisco ios_xr 6.7.4
cisco ios_xr 6.7.35
cisco ios_xr 6.8.1
cisco ios_xr 6.8.2
cisco ios_xr 6.9.1
cisco ios_xr 6.9.2
cisco ios_xr 7.0.0
cisco ios_xr 7.0.1
cisco ios_xr 7.0.2
cisco ios_xr 7.0.11
cisco ios_xr 7.0.12
cisco ios_xr 7.0.14
cisco ios_xr 7.0.90
cisco ios_xr 7.1.1
cisco ios_xr 7.1.2
cisco ios_xr 7.1.3
cisco ios_xr 7.1.15
cisco ios_xr 7.1.25
cisco ios_xr 7.2.0
cisco ios_xr 7.2.1
cisco ios_xr 7.2.2
cisco ios_xr 7.2.12
cisco ios_xr 7.3.1
cisco ios_xr 7.3.2
cisco ios_xr 7.3.3
cisco ios_xr 7.3.4
cisco ios_xr 7.3.5
cisco ios_xr 7.3.6
cisco ios_xr 7.3.15
cisco ios_xr 7.3.16
cisco ios_xr 7.3.27
cisco ios_xr 7.4.1
cisco ios_xr 7.4.2
cisco ios_xr 7.4.15
cisco ios_xr 7.4.16
cisco ios_xr 7.5.1
cisco ios_xr 7.5.2
cisco ios_xr 7.5.3
cisco ios_xr 7.5.4
cisco ios_xr 7.5.5
cisco ios_xr 7.5.12
cisco ios_xr 7.6.1
cisco ios_xr 7.6.2
cisco ios_xr 7.6.3
cisco ios_xr 7.6.15
cisco ios_xr 7.7.1
cisco ios_xr 7.7.2
cisco ios_xr 7.7.21
cisco ios_xr 7.8.1
cisco ios_xr 7.8.2
cisco ios_xr 7.8.22
cisco ios_xr 7.8.23
cisco ios_xr 7.9.1
cisco ios_xr 7.9.2
cisco ios_xr 7.9.21
cisco ios_xr 7.10.1
cisco ios_xr 7.10.2
cisco ios_xr 7.11.1
cisco ios_xr 7.11.2
cisco ios_xr 7.11.21
cisco ios_xr 24.1.1
cisco ios_xr 24.1.2
cisco ios_xr 24.2.1
cisco ios_xr 24.2.2
cisco ios_xr 24.2.11
cisco ios_xr 24.2.20
cisco ios_xr 24.3.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "456B8012-3BCD-4963-9105-8AFF73E1F8A7",
              "versionEndIncluding": "15.9\\(3\\)m11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B88094D9-E2A9-4F48-BF8F-1A63E3F69CA2",
              "versionEndIncluding": "17.2.3",
              "versionStartIncluding": "16.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FD2C84-CD64-4C1C-BC38-2F7A2A6EEF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "582B1A3D-68F5-4047-98B2-FEC2A9569828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDAABB7C-DD62-418F-9CD3-B868913453AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "DECAACAE-0DFF-43CE-83AF-84FEABAB2CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9EE8F5-2F17-45E8-91BD-9DB5EE97B0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C1199B-57C2-4076-A612-5F75AE46B3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB20C4D-F8AD-4887-8B73-07495439BA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE3676F8-475D-4C5D-A932-633E55A1C115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E2915D-36F8-4AFE-A2E0-59A8DF87A101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FABFF0-0D27-4954-8BA9-42187F7D9B66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6FF116-1FFB-4960-942E-A1A16ACEA7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFC77F8-4131-42E1-93A4-13149BDCDC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "676F3DD0-6081-4C37-8E4F-210BC59C3C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6EA55E-05BA-483F-AAE1-DD573D22D6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC51CBC1-3303-43EF-B617-AD0C59E36000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C710E576-B368-41C9-88A8-75D88E00F4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB06AB15-7F91-4B17-BBBD-AC4E4D1EBF9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D7FA61-7D81-4FF3-827C-A97D35AB541B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "870B498C-3358-4EC0-B75A-B9A5D1DD40DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BB2A02-11B4-48C1-97D7-25A9DF28ABB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5CEC350-6245-453D-BB6D-79D444E1A5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "004286E0-375F-4385-87EB-0C74BD9CAF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B255442-4F12-41A1-8050-B805AAE65947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FBA2B4-490F-4A00-8967-063F91F197E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93125F1D-0CE5-423F-A73E-46F2A91E5FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D33162-F298-4B99-A3D4-283A2A4FA091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "921B3622-76A3-4D9F-936C-25A965CE1A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "56092600-ABD2-4703-BA00-9DD0AE09B46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B7EEF2-9B6A-43FC-8DBE-F82B8E01BCAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5C0909-27D8-4B6E-A644-9B8ADFA24266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EA89C8-AAE8-48F1-91E4-7AE46083A802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "48928FFF-871C-4C07-8352-8C802FAD8F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FDB11D-C54D-4654-8142-B50D306A6A28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84BABFE7-1350-4FB0-B9ED-5F08E386BC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E20F814-87D4-41A5-B0A0-30AC6C6F2BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F406EAA7-0607-419F-97E3-7ACEC8A3FA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA7B4C-8FDD-4053-B37B-E5E0969C0CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D21DEFD5-EC43-496B-BBE1-C71C6055BC04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "83150BDE-63B7-4B36-8584-E2E950E878CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "8511927B-4297-47BA-BC02-6250BC40DF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E19F529-B25B-4B4B-879B-872D45C7C3B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "D501F5A6-4E23-4A9F-A550-37BB94691687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A66FF7-9BAB-40DA-8B90-C3C271D7E893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F79CAFA-73B0-4589-9938-B7898071279C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "43AA14EF-3240-442E-935A-DF455FB107D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8B2427-D8C6-420B-A71F-7FD7274DF0A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "87EF9DC5-4BE2-429D-B9BA-EF9F29E7E0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7750EA99-EC55-4F94-8730-18583647BBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFEA7A0B-E20F-4ECC-A789-A4282EAC3029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE8E968-111F-4F57-93D3-E509AB540B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B342A550-8600-45CF-8B9A-530770C9A0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52002032-AB4E-4F3C-B832-EAA83F9EF97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "11288A28-F0CF-4FEC-A0B7-3D93866F01FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D1FF2C-A40C-44EB-AAB1-A70B94E3D717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FD120B9-0671-473C-8420-872E5BB9933F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server\u0026nbsp;process to reload unexpectedly if debugs are enabled.\r\n\r\nThis vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\nNote: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Security Impact Rating (SIR): Low\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;CVSS Base Score: 3.7\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funci\u00f3n de servidor del Protocolo de Medici\u00f3n Activa Bidireccional (TWAMP) del software Cisco IOS y Cisco IOS XE podr\u00eda permitir que un atacante remoto no autenticado recargue el dispositivo afectado, lo que resulta en una denegaci\u00f3n de servicio (DoS). En el software Cisco IOS XR, esta vulnerabilidad podr\u00eda provocar que el proceso ipsla_ippm_server se recargue inesperadamente si se habilitan las depuraciones. Esta vulnerabilidad se debe a un acceso fuera de los l\u00edmites a la matriz al procesar paquetes de control TWAMP especialmente manipulados. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes de control TWAMP dise\u00f1ados a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante recargue el dispositivo afectado, lo que resulta en una denegaci\u00f3n de servicio (DoS). Nota: En el software Cisco IOS XR, solo el proceso ipsla_ippm_server se recarga inesperadamente y solo cuando se habilitan las depuraciones. Los detalles de la vulnerabilidad del software Cisco IOS XR son los siguientes: Clasificaci\u00f3n de impacto de seguridad (SIR): baja. Puntuaci\u00f3n base CVSS: 3,7. Vector CVSS: CVSS: 3.1/AV: N/AC: H/PR: N/UI: N/S: U/C: N/I: N/A: L."
    }
  ],
  "id": "CVE-2025-20154",
  "lastModified": "2025-07-31T16:44:45.460",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-07T18:15:37.177",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20209

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-08-01 14:59
Summary
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impacted products
Vendor Product Version
cisco ios_xr 6.5.1
cisco ios_xr 6.5.2
cisco ios_xr 6.5.3
cisco ios_xr 6.6.1
cisco ios_xr 6.6.2
cisco ios_xr 6.6.3
cisco ios_xr 6.6.25
cisco ios_xr 7.0.0
cisco ios_xr 7.0.1
cisco ios_xr 7.0.2
cisco ios_xr 7.1.1
cisco ios_xr 7.1.2
cisco ios_xr 7.2.0
cisco ios_xr 7.2.1
cisco ios_xr 7.2.2
cisco ios_xr 7.3.1
cisco ios_xr 7.3.2
cisco ios_xr 7.3.27
cisco ios_xr 7.4.1
cisco ios_xr 7.4.2
cisco ios_xr 7.5.1
cisco ios_xr 7.5.2
cisco ios_xr 7.6.1
cisco ios_xr 7.6.2
cisco ios_xr 7.7.1
cisco ios_xr 7.7.2
cisco ios_xr 7.7.21
cisco ios_xr 7.8.1
cisco ios_xr 7.8.2
cisco ios_xr 7.8.22
cisco ios_xr 7.9.1
cisco ios_xr 7.9.2
cisco ios_xr 7.10.1
cisco ios_xr 7.10.2
cisco ios_xr 7.11.1
cisco ios_xr 7.11.2
cisco ios_xr 24.1.1
cisco ios_xr 24.1.2
cisco ios_xr 24.2.1
cisco ios_xr 24.2.11
cisco ncs_1004 -
cisco ncs_1010 -
cisco ncs_1014 -
cisco ncs_540l -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FD2C84-CD64-4C1C-BC38-2F7A2A6EEF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D33162-F298-4B99-A3D4-283A2A4FA091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84BABFE7-1350-4FB0-B9ED-5F08E386BC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "8511927B-4297-47BA-BC02-6250BC40DF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7750EA99-EC55-4F94-8730-18583647BBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE8E968-111F-4F57-93D3-E509AB540B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B342A550-8600-45CF-8B9A-530770C9A0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "11288A28-F0CF-4FEC-A0B7-3D93866F01FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D1123D-39F9-4D22-99CE-F28CA57FE191",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1014:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2E3F337-0CF5-456E-B313-DC3ED4BF9D9B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.\r\n\r\nThis vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funci\u00f3n Intercambio de Claves por Internet versi\u00f3n 2 (IKEv2) del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado impida que un dispositivo afectado procese paquetes UDP del plano de control. Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de paquetes IKEv2 malformados. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes IKEv2 malformados a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante impedir que el dispositivo afectado procese paquetes UDP del plano de control, lo que provocar\u00eda una denegaci\u00f3n de servicio (DoS). Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que la solucionen."
    }
  ],
  "id": "CVE-2025-20209",
  "lastModified": "2025-08-01T14:59:24.573",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:22.507",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20145

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-08-04 12:03
Summary
A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the Cisco advisory cisco-sa-modular-ACL-u5MEPXMm. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impacted products
Vendor Product Version
cisco ios_xr 6.5.1
cisco ios_xr 6.5.2
cisco ios_xr 6.5.3
cisco ios_xr 6.5.92
cisco ios_xr 6.5.93
cisco ios_xr 6.6.1
cisco ios_xr 6.6.2
cisco ios_xr 6.6.3
cisco ios_xr 6.6.4
cisco ios_xr 6.6.25
cisco ios_xr 7.0.1
cisco ios_xr 7.0.2
cisco ios_xr 7.0.11
cisco ios_xr 7.0.12
cisco ios_xr 7.0.14
cisco ios_xr 7.0.90
cisco ios_xr 7.1.1
cisco ios_xr 7.1.2
cisco ios_xr 7.2.1
cisco ios_xr 7.2.2
cisco ios_xr 7.2.12
cisco ios_xr 7.3.1
cisco ios_xr 7.3.2
cisco ios_xr 7.3.3
cisco ios_xr 7.3.4
cisco ios_xr 7.3.5
cisco ios_xr 7.3.6
cisco ios_xr 7.3.15
cisco ios_xr 7.3.16
cisco ios_xr 7.4.1
cisco ios_xr 7.4.2
cisco ios_xr 7.5.1
cisco ios_xr 7.5.2
cisco ios_xr 7.5.3
cisco ios_xr 7.5.4
cisco ios_xr 7.5.5
cisco ios_xr 7.5.12
cisco ios_xr 7.6.1
cisco ios_xr 7.6.2
cisco ios_xr 7.7.1
cisco ios_xr 7.7.2
cisco ios_xr 7.7.21
cisco ios_xr 7.8.1
cisco ios_xr 7.8.2
cisco ios_xr 7.8.22
cisco ios_xr 7.9.1
cisco ios_xr 7.9.2
cisco ios_xr 7.10.1
cisco ios_xr 7.10.2
cisco ios_xr 7.11.1
cisco ios_xr 7.11.2
cisco ios_xr 7.11.21
cisco ios_xr 24.1.1
cisco ios_xr 24.1.2
cisco ios_xr 24.2.1
cisco ios_xr 24.2.2
cisco ios_xr 24.2.11
cisco ios_xr 24.2.20
cisco ios_xr 24.3.1
cisco ios_xr 24.3.2
cisco ios_xr 24.4.1
cisco 8608 -
cisco 8804 -
cisco 8808 -
cisco 8812 -
cisco 8818 -
cisco ncs_5504 -
cisco ncs_5508 -
cisco ncs_5516 -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FD2C84-CD64-4C1C-BC38-2F7A2A6EEF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFC77F8-4131-42E1-93A4-13149BDCDC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "676F3DD0-6081-4C37-8E4F-210BC59C3C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6EA55E-05BA-483F-AAE1-DD573D22D6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "921B3622-76A3-4D9F-936C-25A965CE1A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "56092600-ABD2-4703-BA00-9DD0AE09B46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B7EEF2-9B6A-43FC-8DBE-F82B8E01BCAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5C0909-27D8-4B6E-A644-9B8ADFA24266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E20F814-87D4-41A5-B0A0-30AC6C6F2BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F406EAA7-0607-419F-97E3-7ACEC8A3FA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA7B4C-8FDD-4053-B37B-E5E0969C0CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D21DEFD5-EC43-496B-BBE1-C71C6055BC04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "83150BDE-63B7-4B36-8584-E2E950E878CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A66FF7-9BAB-40DA-8B90-C3C271D7E893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7750EA99-EC55-4F94-8730-18583647BBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFEA7A0B-E20F-4ECC-A789-A4282EAC3029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE8E968-111F-4F57-93D3-E509AB540B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B342A550-8600-45CF-8B9A-530770C9A0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52002032-AB4E-4F3C-B832-EAA83F9EF97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "11288A28-F0CF-4FEC-A0B7-3D93866F01FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D1FF2C-A40C-44EB-AAB1-A70B94E3D717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FD120B9-0671-473C-8420-872E5BB9933F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7288D433-8CFC-4589-BBCA-466B497251E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1BB813A-DAC5-4F74-B998-D5284B90BBB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device.\r\nFor more information about this vulnerability, see the  section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en la direcci\u00f3n de salida del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad existe porque ciertos paquetes se gestionan incorrectamente cuando se reciben en una interfaz de entrada de una tarjeta de l\u00ednea y se dirigen a una interfaz de salida de otra tarjeta de l\u00ednea donde est\u00e1 configurada la ACL de salida. Un atacante podr\u00eda explotar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante omitir una ACL de salida en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n sobre esta vulnerabilidad, consulte la secci\u00f3n de este aviso. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que la solucionen."
    }
  ],
  "id": "CVE-2025-20145",
  "lastModified": "2025-08-04T12:03:18.687",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:22.040",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20177

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-08-06 17:04
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC4CBFD-BFB8-4D89-B5F7-3CBD156778A7",
              "versionEndExcluding": "7.11.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCAF5A0C-D731-4BE1-AAD8-88ADDB8A65DE",
              "versionEndExcluding": "24.2.2",
              "versionStartIncluding": "24.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9D6AD9-652C-491A-9B61-04691D82BBBE",
              "versionEndExcluding": "24.3.2",
              "versionStartIncluding": "24.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FCE9AC2-F70A-4B54-8B1C-8F28E4FB32D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D1123D-39F9-4D22-99CE-F28CA57FE191",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1014:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2E3F337-0CF5-456E-B313-DC3ED4BF9D9B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado omita la verificaci\u00f3n de la firma de la imagen de Cisco IOS XR e instale software no verificado en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener privilegios de administrador en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incompleta de los archivos durante el proceso de verificaci\u00f3n de arranque. Un atacante podr\u00eda explotarla manipulando las opciones de configuraci\u00f3n del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que podr\u00eda permitirle omitir el requisito de ejecutar im\u00e1genes firmadas por Cisco o alterar las propiedades de seguridad del sistema en ejecuci\u00f3n. Nota: Dado que la explotaci\u00f3n de esta vulnerabilidad podr\u00eda provocar que el atacante omita la verificaci\u00f3n de la imagen de Cisco, Cisco ha elevado la calificaci\u00f3n de impacto de seguridad (SIR) de este aviso de media a alta."
    }
  ],
  "id": "CVE-2025-20177",
  "lastModified": "2025-08-06T17:04:34.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:22.347",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Product"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-274"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20146

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-08-01 18:50
Summary
A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "87EF9DC5-4BE2-429D-B9BA-EF9F29E7E0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7750EA99-EC55-4F94-8730-18583647BBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFEA7A0B-E20F-4ECC-A789-A4282EAC3029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE8E968-111F-4F57-93D3-E509AB540B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B342A550-8600-45CF-8B9A-530770C9A0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52002032-AB4E-4F3C-B832-EAA83F9EF97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FD120B9-0671-473C-8420-872E5BB9933F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7288D433-8CFC-4589-BBCA-466B497251E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funci\u00f3n de multidifusi\u00f3n de capa 3 del software Cisco IOS XR para los routers de servicios de agregaci\u00f3n Cisco ASR serie 9000, los routers compactos de alto rendimiento ASR 9902 y ASR 9903 podr\u00eda permitir que un atacante remoto no autenticado reinicie una tarjeta de l\u00ednea, lo que resulta en una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de paquetes de multidifusi\u00f3n IPv4 malformados que se reciben en tarjetas de l\u00ednea cuya interfaz tiene aplicada una lista de control de acceso (ACL) IPv4 o una pol\u00edtica de QoS. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes de multidifusi\u00f3n IPv4 manipulados a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar excepciones en la tarjeta de l\u00ednea o un reinicio forzado. El tr\u00e1fico en esa tarjeta de l\u00ednea se perder\u00eda mientras esta se recarga."
    }
  ],
  "id": "CVE-2025-20146",
  "lastModified": "2025-08-01T18:50:42.947",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:22.197",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20142

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-08-01 18:40
Summary
A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to cause network processor errors, resulting in a reset or shutdown of the network process. Traffic over that line card would be lost while the line card reloads. Note: This vulnerability has predominantly been observed in Layer 2 VPN (L2VPN) environments where an IPv4 ACL or QoS policy has been applied to the bridge virtual interface. Layer 3 configurations where the interface has either an IPv4 ACL or QoS policy applied are also affected, though the vulnerability has not been observed.
Impacted products
Vendor Product Version
cisco ios_xr 6.7.2
cisco ios_xr 6.7.3
cisco ios_xr 6.7.35
cisco ios_xr 6.8.1
cisco ios_xr 6.8.2
cisco ios_xr 6.9.1
cisco ios_xr 6.9.2
cisco ios_xr 7.1.2
cisco ios_xr 7.1.3
cisco ios_xr 7.1.15
cisco ios_xr 7.1.25
cisco ios_xr 7.3.1
cisco ios_xr 7.3.2
cisco ios_xr 7.3.3
cisco ios_xr 7.3.4
cisco ios_xr 7.3.5
cisco ios_xr 7.4.1
cisco ios_xr 7.4.2
cisco ios_xr 7.5.1
cisco ios_xr 7.5.2
cisco ios_xr 7.5.3
cisco ios_xr 7.5.4
cisco ios_xr 7.5.5
cisco ios_xr 7.6.1
cisco ios_xr 7.6.2
cisco ios_xr 7.7.1
cisco ios_xr 7.7.2
cisco ios_xr 7.8.1
cisco ios_xr 7.8.2
cisco ios_xr 7.8.22
cisco ios_xr 7.8.23
cisco ios_xr 7.9.1
cisco ios_xr 7.9.2
cisco ios_xr 7.10.1
cisco asr_9006 -
cisco asr_9010 -
cisco asr_9901 -
cisco asr_9902 -
cisco asr_9903 -
cisco asr_9904 -
cisco asr_9906 -
cisco asr_9910 -
cisco asr_9912 -
cisco asr_9922 -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D7FA61-7D81-4FF3-827C-A97D35AB541B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "870B498C-3358-4EC0-B75A-B9A5D1DD40DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5CEC350-6245-453D-BB6D-79D444E1A5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "004286E0-375F-4385-87EB-0C74BD9CAF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B255442-4F12-41A1-8050-B805AAE65947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FBA2B4-490F-4A00-8967-063F91F197E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93125F1D-0CE5-423F-A73E-46F2A91E5FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EA89C8-AAE8-48F1-91E4-7AE46083A802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "48928FFF-871C-4C07-8352-8C802FAD8F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FDB11D-C54D-4654-8142-B50D306A6A28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F406EAA7-0607-419F-97E3-7ACEC8A3FA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8B2427-D8C6-420B-A71F-7FD7274DF0A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to cause network processor errors, resulting in a reset or shutdown of the network process. Traffic over that line card would be lost while the line card reloads.\r\nNote: This vulnerability has predominantly been observed in Layer 2 VPN (L2VPN) environments where an IPv4 ACL or QoS policy has been applied to the bridge virtual interface. Layer 3 configurations where the interface has either an IPv4 ACL or QoS policy applied are also affected, though the vulnerability has not been observed."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funci\u00f3n de lista de control de acceso (ACL) IPv4 y la pol\u00edtica de calidad de servicio (QoS) del software Cisco IOS XR para los routers de servicios de agregaci\u00f3n Cisco ASR serie 9000, los routers compactos de alto rendimiento ASR 9902 y ASR 9903 podr\u00eda permitir que un atacante remoto no autenticado reinicie una tarjeta de l\u00ednea, lo que resulta en una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de paquetes IPv4 malformados que se reciben en tarjetas de l\u00ednea cuya interfaz tiene aplicada una ACL IPv4 o una pol\u00edtica de QoS. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes IPv4 manipulados a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar errores en el procesador de red, lo que resultar\u00eda en el reinicio o apagado del proceso de red. El tr\u00e1fico a trav\u00e9s de esa tarjeta de l\u00ednea se perder\u00eda mientras esta se recarga. Nota: Esta vulnerabilidad se ha observado principalmente en entornos VPN de Capa 2 (L2VPN) donde se ha aplicado una ACL IPv4 o una pol\u00edtica de QoS a la interfaz virtual del puente. Las configuraciones de Capa 3 donde la interfaz tiene aplicada una ACL IPv4 o una pol\u00edtica de QoS tambi\u00e9n se ven afectadas, aunque no se ha observado la vulnerabilidad."
    }
  ],
  "id": "CVE-2025-20142",
  "lastModified": "2025-08-01T18:40:27.280",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.573",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4uni-LfM3cfBu"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20115

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-08-01 16:13
Summary
A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.
Impacted products
Vendor Product Version
cisco ios_xr 6.5.1
cisco ios_xr 6.5.2
cisco ios_xr 6.5.3
cisco ios_xr 6.5.15
cisco ios_xr 6.5.25
cisco ios_xr 6.5.26
cisco ios_xr 6.5.28
cisco ios_xr 6.5.29
cisco ios_xr 6.5.31
cisco ios_xr 6.5.32
cisco ios_xr 6.5.33
cisco ios_xr 6.5.35
cisco ios_xr 6.5.90
cisco ios_xr 6.5.92
cisco ios_xr 6.5.93
cisco ios_xr 6.6.1
cisco ios_xr 6.6.2
cisco ios_xr 6.6.3
cisco ios_xr 6.6.4
cisco ios_xr 6.6.11
cisco ios_xr 6.6.12
cisco ios_xr 6.6.25
cisco ios_xr 6.7.1
cisco ios_xr 6.7.2
cisco ios_xr 6.7.3
cisco ios_xr 6.7.4
cisco ios_xr 6.7.35
cisco ios_xr 6.8.1
cisco ios_xr 6.8.2
cisco ios_xr 6.9.1
cisco ios_xr 6.9.2
cisco ios_xr 7.0.0
cisco ios_xr 7.0.1
cisco ios_xr 7.0.2
cisco ios_xr 7.0.11
cisco ios_xr 7.0.12
cisco ios_xr 7.0.14
cisco ios_xr 7.0.90
cisco ios_xr 7.1.1
cisco ios_xr 7.1.2
cisco ios_xr 7.1.3
cisco ios_xr 7.1.15
cisco ios_xr 7.1.25
cisco ios_xr 7.2.0
cisco ios_xr 7.2.1
cisco ios_xr 7.2.2
cisco ios_xr 7.2.12
cisco ios_xr 7.3.1
cisco ios_xr 7.3.2
cisco ios_xr 7.3.3
cisco ios_xr 7.3.4
cisco ios_xr 7.3.5
cisco ios_xr 7.3.6
cisco ios_xr 7.3.15
cisco ios_xr 7.3.16
cisco ios_xr 7.3.27
cisco ios_xr 7.4.1
cisco ios_xr 7.4.2
cisco ios_xr 7.4.15
cisco ios_xr 7.4.16
cisco ios_xr 7.5.1
cisco ios_xr 7.5.2
cisco ios_xr 7.5.3
cisco ios_xr 7.5.4
cisco ios_xr 7.5.5
cisco ios_xr 7.5.12
cisco ios_xr 7.5.52
cisco ios_xr 7.6.1
cisco ios_xr 7.6.2
cisco ios_xr 7.6.3
cisco ios_xr 7.6.15
cisco ios_xr 7.7.1
cisco ios_xr 7.7.2
cisco ios_xr 7.7.21
cisco ios_xr 7.8.1
cisco ios_xr 7.8.2
cisco ios_xr 7.8.12
cisco ios_xr 7.8.22
cisco ios_xr 7.8.23
cisco ios_xr 7.9.1
cisco ios_xr 7.9.2
cisco ios_xr 7.9.21
cisco ios_xr 7.10.1
cisco ios_xr 7.10.2
cisco ios_xr 7.11.1
cisco ios_xr 7.11.2
cisco ios_xr 7.11.21
cisco ios_xr 24.1.1
cisco ios_xr 24.1.2
cisco ios_xr 24.2.1
cisco ios_xr 24.2.2
cisco ios_xr 24.2.11
cisco ios_xr 24.2.20

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FD2C84-CD64-4C1C-BC38-2F7A2A6EEF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "582B1A3D-68F5-4047-98B2-FEC2A9569828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDAABB7C-DD62-418F-9CD3-B868913453AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "DECAACAE-0DFF-43CE-83AF-84FEABAB2CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9EE8F5-2F17-45E8-91BD-9DB5EE97B0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C1199B-57C2-4076-A612-5F75AE46B3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB20C4D-F8AD-4887-8B73-07495439BA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE3676F8-475D-4C5D-A932-633E55A1C115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E2915D-36F8-4AFE-A2E0-59A8DF87A101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FABFF0-0D27-4954-8BA9-42187F7D9B66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6FF116-1FFB-4960-942E-A1A16ACEA7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFC77F8-4131-42E1-93A4-13149BDCDC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "676F3DD0-6081-4C37-8E4F-210BC59C3C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6EA55E-05BA-483F-AAE1-DD573D22D6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC51CBC1-3303-43EF-B617-AD0C59E36000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C710E576-B368-41C9-88A8-75D88E00F4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB06AB15-7F91-4B17-BBBD-AC4E4D1EBF9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D7FA61-7D81-4FF3-827C-A97D35AB541B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "870B498C-3358-4EC0-B75A-B9A5D1DD40DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BB2A02-11B4-48C1-97D7-25A9DF28ABB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.7.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5CEC350-6245-453D-BB6D-79D444E1A5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "004286E0-375F-4385-87EB-0C74BD9CAF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B255442-4F12-41A1-8050-B805AAE65947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FBA2B4-490F-4A00-8967-063F91F197E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93125F1D-0CE5-423F-A73E-46F2A91E5FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D33162-F298-4B99-A3D4-283A2A4FA091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "921B3622-76A3-4D9F-936C-25A965CE1A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "56092600-ABD2-4703-BA00-9DD0AE09B46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B7EEF2-9B6A-43FC-8DBE-F82B8E01BCAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5C0909-27D8-4B6E-A644-9B8ADFA24266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EA89C8-AAE8-48F1-91E4-7AE46083A802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "48928FFF-871C-4C07-8352-8C802FAD8F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FDB11D-C54D-4654-8142-B50D306A6A28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84BABFE7-1350-4FB0-B9ED-5F08E386BC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E20F814-87D4-41A5-B0A0-30AC6C6F2BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F406EAA7-0607-419F-97E3-7ACEC8A3FA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA7B4C-8FDD-4053-B37B-E5E0969C0CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D21DEFD5-EC43-496B-BBE1-C71C6055BC04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "83150BDE-63B7-4B36-8584-E2E950E878CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "8511927B-4297-47BA-BC02-6250BC40DF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E19F529-B25B-4B4B-879B-872D45C7C3B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "D501F5A6-4E23-4A9F-A550-37BB94691687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A66FF7-9BAB-40DA-8B90-C3C271D7E893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "88776859-57A0-4422-8D23-A09D64E72F63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F79CAFA-73B0-4589-9938-B7898071279C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "43AA14EF-3240-442E-935A-DF455FB107D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A14959D-63E1-4B5A-BB7F-A9A2AF3F1137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8B2427-D8C6-420B-A71F-7FD7274DF0A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "87EF9DC5-4BE2-429D-B9BA-EF9F29E7E0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7750EA99-EC55-4F94-8730-18583647BBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFEA7A0B-E20F-4ECC-A789-A4282EAC3029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE8E968-111F-4F57-93D3-E509AB540B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B342A550-8600-45CF-8B9A-530770C9A0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52002032-AB4E-4F3C-B832-EAA83F9EF97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "11288A28-F0CF-4FEC-A0B7-3D93866F01FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:24.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D1FF2C-A40C-44EB-AAB1-A70B94E3D717",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n de la confederaci\u00f3n del Protocolo de Puerta de Enlace Fronteriza (BGP) en el software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a una corrupci\u00f3n de memoria que ocurre al crear una actualizaci\u00f3n de BGP con un atributo AS_CONFED_SEQUENCE que contiene 255 n\u00fameros de sistema aut\u00f3nomo (AS). Un atacante podr\u00eda explotar esta vulnerabilidad enviando un mensaje de actualizaci\u00f3n de BGP manipulado, o la red podr\u00eda estar dise\u00f1ada para que el atributo AS_CONFED_SEQUENCE alcance 255 n\u00fameros de AS o m\u00e1s. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante causar corrupci\u00f3n de memoria, lo que podr\u00eda provocar el reinicio del proceso BGP y provocar una denegaci\u00f3n de servicio (DoS). Para explotar esta vulnerabilidad, un atacante debe controlar un interlocutor de la confederaci\u00f3n BGP dentro del mismo sistema aut\u00f3nomo que la v\u00edctima, o la red debe estar dise\u00f1ada para que el atributo AS_CONFED_SEQUENCE alcance 255 n\u00fameros de AS o m\u00e1s."
    }
  ],
  "id": "CVE-2025-20115",
  "lastModified": "2025-08-01T16:13:48.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.090",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20138

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-07-31 18:11
Summary
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.
Impacted products
Vendor Product Version
cisco ios_xr *
cisco ios_xr *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:x64:*",
              "matchCriteriaId": "E9233952-426F-487C-83B4-AFC65496B50B",
              "versionEndExcluding": "24.2.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:x64:*",
              "matchCriteriaId": "034114AC-4134-4A85-B6CF-C89FD17EEBF2",
              "versionEndExcluding": "24.4",
              "versionStartIncluding": "24.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios como superusuario en el sistema operativo subyacente de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los argumentos de usuario que se pasan a comandos CLI espec\u00edficos. Un atacante con una cuenta con pocos privilegios podr\u00eda explotar esta vulnerabilidad utilizando comandos manipulados en el s\u00edmbolo del sistema. Una explotaci\u00f3n exitosa podr\u00eda permitirle elevar los privilegios a superusuario y ejecutar comandos arbitrarios."
    }
  ],
  "id": "CVE-2025-20138",
  "lastModified": "2025-07-31T18:11:01.253",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.260",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20144

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-08-04 12:02
Summary
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see the Cisco security advisory listed in the references below. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
Impacted products
Vendor Product Version
cisco ios_xr 6.5.1
cisco ios_xr 6.5.2
cisco ios_xr 6.5.3
cisco ios_xr 6.5.92
cisco ios_xr 6.5.93
cisco ios_xr 6.6.1
cisco ios_xr 6.6.2
cisco ios_xr 6.6.3
cisco ios_xr 6.6.4
cisco ios_xr 6.6.25
cisco ios_xr 7.0.1
cisco ios_xr 7.0.2
cisco ios_xr 7.0.90
cisco ios_xr 7.1.1
cisco ios_xr 7.1.2
cisco ios_xr 7.2.1
cisco ios_xr 7.2.2
cisco ios_xr 7.3.1
cisco ios_xr 7.3.2
cisco ios_xr 7.3.3
cisco ios_xr 7.3.4
cisco ios_xr 7.3.5
cisco ios_xr 7.3.6
cisco ios_xr 7.4.1
cisco ios_xr 7.4.2
cisco ios_xr 7.5.1
cisco ios_xr 7.5.2
cisco ios_xr 7.5.3
cisco ios_xr 7.5.4
cisco ios_xr 7.5.5
cisco ios_xr 7.6.1
cisco ios_xr 7.6.2
cisco ios_xr 7.7.1
cisco ios_xr 7.7.2
cisco ios_xr 7.7.21
cisco ios_xr 7.8.1
cisco ios_xr 7.8.2
cisco ios_xr 7.8.22
cisco ios_xr 7.9.1
cisco ios_xr 7.9.2
cisco ios_xr 7.10.1
cisco ios_xr 7.10.2
cisco ios_xr 7.11.1
cisco ncs_540-12z20g-sys-a -
cisco ncs_540-12z20g-sys-d -
cisco ncs_540-24q2c2dd-sys -
cisco ncs_540-24q8l2dd-sys -
cisco ncs_540-24z8q2c-sys -
cisco ncs_540-28z4c-sys-a -
cisco ncs_540-28z4c-sys-d -
cisco ncs_540-6z14s-sys-d -
cisco ncs_540-6z18g-sys-a -
cisco ncs_540-6z18g-sys-d -
cisco ncs_540-acc-sys -
cisco ncs_540-fh-agg -
cisco ncs_540-fh-csr-sys -
cisco ncs_540x-12z16g-sys-a -
cisco ncs_540x-12z16g-sys-d -
cisco ncs_540x-16z4g8q2c-a -
cisco ncs_540x-16z4g8q2c-d -
cisco ncs_540x-16z8q2c-d -
cisco ncs_540x-4z14g2q-a -
cisco ncs_540x-4z14g2q-d -
cisco ncs_540x-6z18g-sys-a -
cisco ncs_540x-6z18g-sys-d -
cisco ncs_540x-8z16g-sys-a -
cisco ncs_540x-8z16g-sys-d -
cisco ncs_540x-acc-sys -
cisco ncs_5501 -
cisco ncs_5501-se -
cisco ncs_5502 -
cisco ncs_5502-se -
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_560-4 -
cisco ncs_560-7 -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57d2-18dd-sys -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FD2C84-CD64-4C1C-BC38-2F7A2A6EEF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFC77F8-4131-42E1-93A4-13149BDCDC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "676F3DD0-6081-4C37-8E4F-210BC59C3C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6EA55E-05BA-483F-AAE1-DD573D22D6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5C0909-27D8-4B6E-A644-9B8ADFA24266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F406EAA7-0607-419F-97E3-7ACEC8A3FA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA7B4C-8FDD-4053-B37B-E5E0969C0CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the  section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) h\u00edbrida de paquetes IPv4 en el software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una gesti\u00f3n incorrecta de paquetes cuando existe una configuraci\u00f3n espec\u00edfica de la ACL h\u00edbrida. Un atacante podr\u00eda explotar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle omitir una ACL configurada en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n, consulte la secci\u00f3n de este aviso. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. Existen workarounds que la solucionan."
    }
  ],
  "id": "CVE-2025-20144",
  "lastModified": "2025-08-04T12:02:45.527",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.890",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20143

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-07-22 12:28
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impacted products
Vendor Product Version
cisco ios_xr *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E6CEEB-0908-4884-A51E-000000DE5E92",
              "versionEndExcluding": "7.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado con privilegios elevados eluda la funcionalidad de arranque seguro e instale software no verificado en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener privilegios de superusuario en el dispositivo afectado. Esta vulnerabilidad se debe a una verificaci\u00f3n insuficiente de los m\u00f3dulos durante la carga del software. Un atacante podr\u00eda explotarla manipulando los binarios cargados para eludir algunas de las comprobaciones de integridad que se realizan durante el arranque. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que le permitir\u00eda eludir el requisito de ejecutar im\u00e1genes firmadas por Cisco o modificar las propiedades de seguridad del sistema en ejecuci\u00f3n. Nota: Esta vulnerabilidad afecta al software Cisco IOS XR, no a la funci\u00f3n de arranque seguro. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que la solucionen."
    }
  ],
  "id": "CVE-2025-20143",
  "lastModified": "2025-07-22T12:28:22.273",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.733",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-20141

Vulnerability from fkie_nvd - Published: 2025-03-12 16:15 - Updated: 2025-08-06 17:05
Summary
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la gesti\u00f3n de paquetes espec\u00edficos que se env\u00edan desde una tarjeta de l\u00ednea a un procesador de rutas en la versi\u00f3n 7.9.2 del software Cisco IOS XR podr\u00eda permitir que un atacante adyacente no autenticado provoque la interrupci\u00f3n del tr\u00e1fico del plano de control en varias plataformas Cisco IOS XR. Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de los paquetes que se env\u00edan al procesador de rutas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando tr\u00e1fico, que debe ser gestionado por la pila de Linux en el procesador de rutas, a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar la interrupci\u00f3n del tr\u00e1fico del plano de control, lo que resultar\u00eda en una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2025-20141",
  "lastModified": "2025-08-06T17:05:07.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-12T16:15:21.420",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Product"
      ],
      "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

CVE-2025-20154 (GCVE-0-2025-20154)

Vulnerability from cvelistv5 – Published: 2025-05-07 17:18 – Updated: 2025-05-07 19:46
Summary
A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled. This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows: Security Impact Rating (SIR): Low; CVSS Base Score: 3.7; CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.29
Affected: 6.5.1
Affected: 6.6.1
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.15
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.5.26
Affected: 6.6.11
Affected: 6.5.25
Affected: 6.5.28
Affected: 6.5.93
Affected: 6.6.12
Affected: 6.5.90
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.0.11
Affected: 7.0.12
Affected: 7.0.14
Affected: 7.1.25
Affected: 6.6.4
Affected: 7.2.12
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.7.4
Affected: 6.5.31
Affected: 7.3.15
Affected: 7.3.16
Affected: 6.8.1
Affected: 7.4.15
Affected: 6.5.32
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.8.1
Affected: 7.6.15
Affected: 7.5.12
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.3.4
Affected: 7.4.2
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 6.5.33
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.6.3
Affected: 7.3.6
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 24.2.2
Affected: 7.8.23
Affected: 7.11.21
Affected: 24.2.20
Affected: 6.5.35

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20154",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T18:56:59.795728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:46:08.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.29"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.15"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.5.26"
            },
            {
              "status": "affected",
              "version": "6.6.11"
            },
            {
              "status": "affected",
              "version": "6.5.25"
            },
            {
              "status": "affected",
              "version": "6.5.28"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "6.6.12"
            },
            {
              "status": "affected",
              "version": "6.5.90"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "6.5.31"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "6.5.32"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "6.5.33"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.2.20"
            },
            {
              "status": "affected",
              "version": "6.5.35"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled.\r\n\r\nThis vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\nNote: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:    Security Impact Rating (SIR): Low    CVSS Base Score: 3.7    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T17:18:50.666Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-twamp-kV4FHugn",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn"
        }
      ],
      "source": {
        "advisory": "cisco-sa-twamp-kV4FHugn",
        "defects": [
          "CSCwk80897"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20154",
    "datePublished": "2025-05-07T17:18:50.666Z",
    "dateReserved": "2024-10-10T19:15:13.216Z",
    "dateUpdated": "2025-05-07T19:46:08.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20209 (GCVE-0-2025-20209)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:13 – Updated: 2025-03-12 17:51
Summary
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.6.1
Affected: 6.5.2
Affected: 6.6.2
Affected: 6.5.1
Affected: 7.0.1
Affected: 6.6.25
Affected: 7.0.0
Affected: 7.1.1
Affected: 6.6.3
Affected: 7.0.2
Affected: 7.2.0
Affected: 7.1.2
Affected: 7.2.1
Affected: 7.3.1
Affected: 7.4.1
Affected: 7.2.2
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.7.1
Affected: 7.4.2
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.7.2
Affected: 7.9.1
Affected: 7.8.2
Affected: 7.8.22
Affected: 7.10.1
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.11.1
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T17:50:42.688446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T17:51:32.083Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.\r\n\r\nThis vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:13:12.340Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-xrike-9wYGpRGq",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-xrike-9wYGpRGq",
        "defects": [
          "CSCwk64612"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20209",
    "datePublished": "2025-03-12T16:13:12.340Z",
    "dateReserved": "2024-10-10T19:15:13.231Z",
    "dateUpdated": "2025-03-12T17:51:32.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20177 (GCVE-0-2025-20177)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:13 – Updated: 2025-03-14 15:31
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
CWE
  • CWE-274 - Improper Handling of Insufficient Privileges
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 7.0.1
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.0.11
Affected: 7.0.12
Affected: 7.0.14
Affected: 7.1.25
Affected: 7.2.12
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.7.4
Affected: 7.3.15
Affected: 7.3.16
Affected: 6.8.1
Affected: 7.4.15
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.8.1
Affected: 7.6.15
Affected: 7.5.12
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.3.4
Affected: 7.4.2
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.6.3
Affected: 7.3.6
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 7.8.23

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20177",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T03:55:23.530580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T15:31:19.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-274",
              "description": "Improper Handling of Insufficient Privileges",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:13:04.362Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
        "defects": [
          "CSCwk67262"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Image Verification Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20177",
    "datePublished": "2025-03-12T16:13:04.362Z",
    "dateReserved": "2024-10-10T19:15:13.220Z",
    "dateUpdated": "2025-03-14T15:31:19.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20146 (GCVE-0-2025-20146)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:27
Summary
A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.3.1
Affected: 24.2.2
Affected: 7.11.21
Affected: 24.3.2

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20146",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:27:17.763797Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:27:39.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:56.245Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-multicast-ERMrSvq7",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-multicast-ERMrSvq7",
        "defects": [
          "CSCwm45759"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IOS XR Software for ASR 9000 Series Routers Layer 3 Multicast Routing Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20146",
    "datePublished": "2025-03-12T16:12:56.245Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:27:39.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20145 (GCVE-0-2025-20145)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:32
Summary
A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see Cisco security advisory cisco-sa-modular-ACL-u5MEPXMm. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CWE
  • CWE-264 - Permissions, Privileges, and Access Control
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.1
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.6.1
Affected: 6.5.93
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 7.0.2
Affected: 7.2.1
Affected: 7.1.2
Affected: 7.0.11
Affected: 7.0.12
Affected: 7.0.14
Affected: 6.6.4
Affected: 7.2.12
Affected: 7.3.1
Affected: 7.4.1
Affected: 7.2.2
Affected: 7.3.15
Affected: 7.3.16
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.8.1
Affected: 7.5.12
Affected: 7.7.1
Affected: 7.3.3
Affected: 7.4.2
Affected: 7.3.4
Affected: 7.6.2
Affected: 7.5.3
Affected: 7.7.2
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.3.6
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 24.4.1
Affected: 24.2.2
Affected: 7.11.21
Affected: 24.2.20
Affected: 24.3.2

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:32:16.967308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:32:32.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.4.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.2.20"
            },
            {
              "status": "affected",
              "version": "24.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device.\r\nFor more information about this vulnerability, see the  section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "Permissions, Privileges, and Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:48.668Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-modular-ACL-u5MEPXMm",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-modular-ACL-u5MEPXMm",
        "defects": [
          "CSCwk63613"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Access Control List Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20145",
    "datePublished": "2025-03-12T16:12:48.668Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:32:32.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20144 (GCVE-0-2025-20144)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:33
Summary
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see Cisco security advisory cisco-sa-ncs-hybridacl-crMZFfKQ. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
CWE
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.1
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.6.1
Affected: 6.5.93
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 7.0.2
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.6.4
Affected: 7.3.1
Affected: 7.4.1
Affected: 7.2.2
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.7.1
Affected: 7.3.3
Affected: 7.4.2
Affected: 7.3.4
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.5.3
Affected: 7.7.2
Affected: 7.9.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.10.1
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.10.2
Affected: 7.3.6

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20144",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:33:04.758400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:33:28.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the  section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:39.882Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ncs-hybridacl-crMZFfKQ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ncs-hybridacl-crMZFfKQ",
        "defects": [
          "CSCwi49569"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Access Control List Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20144",
    "datePublished": "2025-03-12T16:12:39.882Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:33:28.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20143 (GCVE-0-2025-20143)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:12 – Updated: 2025-03-14 15:31
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.1
Affected: 6.5.15
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.6.1
Affected: 6.6.11
Affected: 6.5.93
Affected: 6.6.12
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.1.25
Affected: 6.6.4
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.8.1
Affected: 7.4.15
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.6.15
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.4.2
Affected: 7.3.4
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.3.6
Affected: 7.8.23

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T03:55:22.156936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T15:31:09.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.5.15"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.6.11"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "6.6.12"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:31.135Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sb-lkm-zNErZjbZ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sb-lkm-zNErZjbZ",
        "defects": [
          "CSCvx66790"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Secure Boot Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20143",
    "datePublished": "2025-03-12T16:12:31.135Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-14T15:31:09.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20142 (GCVE-0-2025-20142)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:34
Summary
A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to cause network processor errors, resulting in a reset or shutdown of the network process. Traffic over that line card would be lost while the line card reloads. Note: This vulnerability has predominantly been observed in Layer 2 VPN (L2VPN) environments where an IPv4 ACL or QoS policy has been applied to the bridge virtual interface. Layer 3 configurations where the interface has either an IPv4 ACL or QoS policy applied are also affected, though the vulnerability has not been observed.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 7.1.15
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.1.25
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.3.1
Affected: 7.4.1
Affected: 6.8.1
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.3.3
Affected: 6.8.2
Affected: 7.7.1
Affected: 7.4.2
Affected: 7.3.4
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.9.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.10.1
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.8.23

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:34:14.309604Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:34:33.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to cause network processor errors, resulting in a reset or shutdown of the network process. Traffic over that line card would be lost while the line card reloads.\r\nNote: This vulnerability has predominantly been observed in Layer 2 VPN (L2VPN) environments where an IPv4 ACL or QoS policy has been applied to the bridge virtual interface. Layer 3 configurations where the interface has either an IPv4 ACL or QoS policy applied are also affected, though the vulnerability has not been observed."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:23.126Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ipv4uni-LfM3cfBu",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4uni-LfM3cfBu"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ipv4uni-LfM3cfBu",
        "defects": [
          "CSCwf56155"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IOS XR Software for ASR 9000 Series Routers L2VPN Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20142",
    "datePublished": "2025-03-12T16:12:23.126Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:34:33.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20141 (GCVE-0-2025-20141)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:35
Summary
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.  This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:35:07.856911Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:35:20.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:15.494Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-xr792-bWfVDPY",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-xr792-bWfVDPY",
        "defects": [
          "CSCwf89955"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20141",
    "datePublished": "2025-03-12T16:12:15.494Z",
    "dateReserved": "2024-10-10T19:15:13.214Z",
    "dateUpdated": "2025-03-21T20:35:20.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20138 (GCVE-0-2025-20138)

Vulnerability from cvelistv5 – Published: 2025-03-12 16:12 – Updated: 2025-03-14 15:30
Summary
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands.
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.29
Affected: 6.5.1
Affected: 6.6.1
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.15
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.5.26
Affected: 6.6.11
Affected: 6.5.25
Affected: 6.5.28
Affected: 6.5.93
Affected: 6.6.12
Affected: 6.5.90
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 7.0.11
Affected: 7.0.12
Affected: 6.7.2
Affected: 7.0.14
Affected: 7.1.25
Affected: 6.6.4
Affected: 7.2.12
Affected: 7.3.1
Affected: 7.1.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.7.4
Affected: 6.5.31
Affected: 7.3.15
Affected: 7.3.16
Affected: 7.4.15
Affected: 6.5.32
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.8.1
Affected: 7.6.15
Affected: 7.5.12
Affected: 7.8.12
Affected: 7.3.3
Affected: 7.7.1
Affected: 7.3.4
Affected: 7.4.2
Affected: 7.6.2
Affected: 7.5.3
Affected: 7.7.2
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 6.5.33
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.6.3
Affected: 7.3.6
Affected: 7.5.52
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 24.2.2
Affected: 7.8.23
Affected: 7.11.21
Affected: 24.2.20
Affected: 24.3.2
Affected: 24.4.10
Affected: 6.5.35
Affected: 24.3.20

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T03:55:20.825665Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T15:30:58.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.29"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.15"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.5.26"
            },
            {
              "status": "affected",
              "version": "6.6.11"
            },
            {
              "status": "affected",
              "version": "6.5.25"
            },
            {
              "status": "affected",
              "version": "6.5.28"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "6.6.12"
            },
            {
              "status": "affected",
              "version": "6.5.90"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "6.5.31"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "6.5.32"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.8.12"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "6.5.33"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.5.52"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.2.20"
            },
            {
              "status": "affected",
              "version": "24.3.2"
            },
            {
              "status": "affected",
              "version": "24.4.10"
            },
            {
              "status": "affected",
              "version": "6.5.35"
            },
            {
              "status": "affected",
              "version": "24.3.20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:06.736Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iosxr-priv-esc-GFQjxvOF",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-priv-esc-GFQjxvOF",
        "defects": [
          "CSCwj33398"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IOS XR Software CLI Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20138",
    "datePublished": "2025-03-12T16:12:06.736Z",
    "dateReserved": "2024-10-10T19:15:13.213Z",
    "dateUpdated": "2025-03-14T15:30:58.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20154 (GCVE-0-2025-20154)

Vulnerability from nvd – Published: 2025-05-07 17:18 – Updated: 2025-05-07 19:46
Summary
A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled. This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows: Security Impact Rating (SIR): Low; CVSS Base Score: 3.7; CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. Note that the cvssV3_1 metrics block in the CVE record below carries a base score of 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), which differs from the IOS XR-specific values stated here.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.29
Affected: 6.5.1
Affected: 6.6.1
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.15
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.5.26
Affected: 6.6.11
Affected: 6.5.25
Affected: 6.5.28
Affected: 6.5.93
Affected: 6.6.12
Affected: 6.5.90
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.0.11
Affected: 7.0.12
Affected: 7.0.14
Affected: 7.1.25
Affected: 6.6.4
Affected: 7.2.12
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.7.4
Affected: 6.5.31
Affected: 7.3.15
Affected: 7.3.16
Affected: 6.8.1
Affected: 7.4.15
Affected: 6.5.32
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.8.1
Affected: 7.6.15
Affected: 7.5.12
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.3.4
Affected: 7.4.2
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 6.5.33
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.6.3
Affected: 7.3.6
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 24.2.2
Affected: 7.8.23
Affected: 7.11.21
Affected: 24.2.20
Affected: 6.5.35

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20154",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T18:56:59.795728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:46:08.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.29"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.15"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.5.26"
            },
            {
              "status": "affected",
              "version": "6.6.11"
            },
            {
              "status": "affected",
              "version": "6.5.25"
            },
            {
              "status": "affected",
              "version": "6.5.28"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "6.6.12"
            },
            {
              "status": "affected",
              "version": "6.5.90"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "6.5.31"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "6.5.32"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "6.5.33"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.2.20"
            },
            {
              "status": "affected",
              "version": "6.5.35"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server\u0026nbsp;process to reload unexpectedly if debugs are enabled.\r\n\r\nThis vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\nNote: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Security Impact Rating (SIR): Low\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;CVSS Base Score: 3.7\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T17:18:50.666Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-twamp-kV4FHugn",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn"
        }
      ],
      "source": {
        "advisory": "cisco-sa-twamp-kV4FHugn",
        "defects": [
          "CSCwk80897"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20154",
    "datePublished": "2025-05-07T17:18:50.666Z",
    "dateReserved": "2024-10-10T19:15:13.216Z",
    "dateUpdated": "2025-05-07T19:46:08.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20209 (GCVE-0-2025-20209)

Vulnerability from nvd – Published: 2025-03-12 16:13 – Updated: 2025-03-12 17:51
Summary
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.  This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.6.1
Affected: 6.5.2
Affected: 6.6.2
Affected: 6.5.1
Affected: 7.0.1
Affected: 6.6.25
Affected: 7.0.0
Affected: 7.1.1
Affected: 6.6.3
Affected: 7.0.2
Affected: 7.2.0
Affected: 7.1.2
Affected: 7.2.1
Affected: 7.3.1
Affected: 7.4.1
Affected: 7.2.2
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.7.1
Affected: 7.4.2
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.7.2
Affected: 7.9.1
Affected: 7.8.2
Affected: 7.8.22
Affected: 7.10.1
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.11.1
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T17:50:42.688446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T17:51:32.083Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:13:12.340Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-xrike-9wYGpRGq",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-xrike-9wYGpRGq",
        "defects": [
          "CSCwk64612"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20209",
    "datePublished": "2025-03-12T16:13:12.340Z",
    "dateReserved": "2024-10-10T19:15:13.231Z",
    "dateUpdated": "2025-03-12T17:51:32.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20177 (GCVE-0-2025-20177)

Vulnerability from nvd – Published: 2025-03-12 16:13 – Updated: 2025-03-14 15:31
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
CWE
  • CWE-274 - Improper Handling of Insufficient Privileges
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 7.0.1
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.0.11
Affected: 7.0.12
Affected: 7.0.14
Affected: 7.1.25
Affected: 7.2.12
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.7.4
Affected: 7.3.15
Affected: 7.3.16
Affected: 6.8.1
Affected: 7.4.15
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.8.1
Affected: 7.6.15
Affected: 7.5.12
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.3.4
Affected: 7.4.2
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.6.3
Affected: 7.3.6
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 7.8.23

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20177",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T03:55:23.530580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T15:31:19.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-274",
              "description": "Improper Handling of Insufficient Privileges",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:13:04.362Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
        "defects": [
          "CSCwk67262"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Image Verification Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20177",
    "datePublished": "2025-03-12T16:13:04.362Z",
    "dateReserved": "2024-10-10T19:15:13.220Z",
    "dateUpdated": "2025-03-14T15:31:19.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20146 (GCVE-0-2025-20146)

Vulnerability from nvd – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:27
Summary
A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.3.1
Affected: 24.2.2
Affected: 7.11.21
Affected: 24.3.2

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20146",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:27:17.763797Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:27:39.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 multicast packets through an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset. Traffic over that line card would be lost while the line card reloads."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:56.245Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-multicast-ERMrSvq7",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-multicast-ERMrSvq7",
        "defects": [
          "CSCwm45759"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IOS XR Software for ASR 9000 Series Routers Layer 3 Multicast Routing Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20146",
    "datePublished": "2025-03-12T16:12:56.245Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:27:39.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20145 (GCVE-0-2025-20145)

Vulnerability from nvd – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:32
Summary
A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see Cisco security advisory cisco-sa-modular-ACL-u5MEPXMm. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CWE
  • CWE-264 - Permissions, Privileges, and Access Control
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.1
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.6.1
Affected: 6.5.93
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 7.0.2
Affected: 7.2.1
Affected: 7.1.2
Affected: 7.0.11
Affected: 7.0.12
Affected: 7.0.14
Affected: 6.6.4
Affected: 7.2.12
Affected: 7.3.1
Affected: 7.4.1
Affected: 7.2.2
Affected: 7.3.15
Affected: 7.3.16
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.8.1
Affected: 7.5.12
Affected: 7.7.1
Affected: 7.3.3
Affected: 7.4.2
Affected: 7.3.4
Affected: 7.6.2
Affected: 7.5.3
Affected: 7.7.2
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.3.6
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 24.4.1
Affected: 24.2.2
Affected: 7.11.21
Affected: 24.2.20
Affected: 24.3.2

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:32:16.967308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:32:32.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.4.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.2.20"
            },
            {
              "status": "affected",
              "version": "24.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device.\r\nFor more information about this vulnerability, see the  section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "Permissions, Privileges, and Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:48.668Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-modular-ACL-u5MEPXMm",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-modular-ACL-u5MEPXMm",
        "defects": [
          "CSCwk63613"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Access Control List Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20145",
    "datePublished": "2025-03-12T16:12:48.668Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:32:32.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20144 (GCVE-0-2025-20144)

Vulnerability from nvd – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:33
Summary
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device. For more information, see Cisco security advisory cisco-sa-ncs-hybridacl-crMZFfKQ. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
CWE
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.1
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.6.1
Affected: 6.5.93
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 7.0.2
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.6.4
Affected: 7.3.1
Affected: 7.4.1
Affected: 7.2.2
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.7.1
Affected: 7.3.3
Affected: 7.4.2
Affected: 7.3.4
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.5.3
Affected: 7.7.2
Affected: 7.9.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.10.1
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.10.2
Affected: 7.3.6

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20144",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:33:04.758400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:33:28.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the  section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:39.882Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ncs-hybridacl-crMZFfKQ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ncs-hybridacl-crMZFfKQ",
        "defects": [
          "CSCwi49569"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Access Control List Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20144",
    "datePublished": "2025-03-12T16:12:39.882Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:33:28.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20143 (GCVE-0-2025-20143)

Vulnerability from nvd – Published: 2025-03-12 16:12 – Updated: 2025-03-14 15:31
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system. Note: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.1
Affected: 6.5.15
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.6.1
Affected: 6.6.11
Affected: 6.5.93
Affected: 6.6.12
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.1.25
Affected: 6.6.4
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.8.1
Affected: 7.4.15
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.6.15
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.4.2
Affected: 7.3.4
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.3.6
Affected: 7.8.23

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T03:55:22.156936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T15:31:09.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.5.15"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.6.11"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "6.6.12"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to insufficient verification of modules in the software load process. An attacker could exploit this vulnerability by manipulating the loaded binaries to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: This vulnerability affects Cisco IOS XR Software, not the Secure Boot feature.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:31.135Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sb-lkm-zNErZjbZ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-lkm-zNErZjbZ"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sb-lkm-zNErZjbZ",
        "defects": [
          "CSCvx66790"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Secure Boot Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20143",
    "datePublished": "2025-03-12T16:12:31.135Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-14T15:31:09.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20142 (GCVE-0-2025-20142)

Vulnerability from nvd – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:34
Summary
A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to cause network processor errors, resulting in a reset or shutdown of the network process. Traffic over that line card would be lost while the line card reloads. Note: This vulnerability has predominantly been observed in Layer 2 VPN (L2VPN) environments where an IPv4 ACL or QoS policy has been applied to the bridge virtual interface. Layer 3 configurations where the interface has either an IPv4 ACL or QoS policy applied are also affected, though the vulnerability has not been observed.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 7.1.15
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.1.25
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.3.1
Affected: 7.4.1
Affected: 6.8.1
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.3.3
Affected: 6.8.2
Affected: 7.7.1
Affected: 7.4.2
Affected: 7.3.4
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.8.1
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.9.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 7.8.22
Affected: 7.10.1
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.8.23

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:34:14.309604Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:34:33.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to the incorrect handling of malformed IPv4 packets that are received on line cards where the interface has either an IPv4 ACL or QoS policy applied. An attacker could exploit this vulnerability by sending crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to cause network processor errors, resulting in a reset or shutdown of the network process. Traffic over that line card would be lost while the line card reloads.\r\nNote: This vulnerability has predominantly been observed in Layer 2 VPN (L2VPN) environments where an IPv4 ACL or QoS policy has been applied to the bridge virtual interface. Layer 3 configurations where the interface has either an IPv4 ACL or QoS policy applied are also affected, though the vulnerability has not been observed."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:23.126Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ipv4uni-LfM3cfBu",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4uni-LfM3cfBu"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ipv4uni-LfM3cfBu",
        "defects": [
          "CSCwf56155"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IOS XR Software for ASR 9000 Series Routers L2VPN Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20142",
    "datePublished": "2025-03-12T16:12:23.126Z",
    "dateReserved": "2024-10-10T19:15:13.215Z",
    "dateUpdated": "2025-03-21T20:34:33.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20141 (GCVE-0-2025-20141)

Vulnerability from nvd – Published: 2025-03-12 16:12 – Updated: 2025-03-21 20:35
Summary
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:35:07.856911Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:35:20.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T16:12:15.494Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-xr792-bWfVDPY",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
        },
        {
          "name": "Crafting endless AS-PATHS in BGP",
          "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-xr792-bWfVDPY",
        "defects": [
          "CSCwf89955"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20141",
    "datePublished": "2025-03-12T16:12:15.494Z",
    "dateReserved": "2024-10-10T19:15:13.214Z",
    "dateUpdated": "2025-03-21T20:35:20.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}