Vulnerability-Lookup

BDU:2025-10330

Vulnerability from fstec - Published: 07.05.2025

Title

Уязвимость операционных систем Cisco IOS коммутаторов Cisco Industrial Ethernet 2000, 4000, 4010 и 5000, связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость операционных систем Cisco IOS коммутаторов Cisco Industrial Ethernet 2000, 4000, 4010 и 5000 связана с отсутствием процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS

Software Version

15.2(5a)E1 (Cisco IOS), 15.0(2)SE8 (Cisco IOS), 15.2(2)E (Cisco IOS), 15.2(2)E1 (Cisco IOS), 15.2(3)E1 (Cisco IOS), 15.2(2)E2 (Cisco IOS), 15.2(2)E3 (Cisco IOS), 15.2(2a)E2 (Cisco IOS), 15.2(3)E2 (Cisco IOS), 15.2(3)E3 (Cisco IOS), 15.2(2)E4 (Cisco IOS), 15.2(2)E5 (Cisco IOS), 15.2(3)E4 (Cisco IOS), 15.2(5)E (Cisco IOS), 15.2(2)E6 (Cisco IOS), 15.2(5)E1 (Cisco IOS), 15.2(2)E5a (Cisco IOS), 15.2(2)E7 (Cisco IOS), 15.2(5)E2 (Cisco IOS), 15.2(6)E (Cisco IOS), 15.2(5)E2c (Cisco IOS), 15.2(6)E0a (Cisco IOS), 15.2(6)E0c (Cisco IOS), 15.2(1)EY (Cisco IOS), 15.0(2)EK (Cisco IOS), 15.0(2)EK1 (Cisco IOS), 15.2(2)EB (Cisco IOS), 15.2(2)EB1 (Cisco IOS), 15.2(2)EB2 (Cisco IOS), 15.2(4)EC1 (Cisco IOS), 15.2(4)EC2 (Cisco IOS), 15.2(2b)E (Cisco IOS), 15.2(7)E (Cisco IOS), 15.2(2)E8 (Cisco IOS), 15.2(6)E1 (Cisco IOS), 15.2(2)E9 (Cisco IOS), 15.2(6)E1a (Cisco IOS), 15.2(6)E1s (Cisco IOS), 15.2(2)E10 (Cisco IOS), 15.2(2)EA2 (Cisco IOS), 15.2(3)EA (Cisco IOS), 15.2(4)EA (Cisco IOS), 15.2(4)EA1 (Cisco IOS), 15.2(2)EA3 (Cisco IOS), 15.2(4)EA4 (Cisco IOS), 15.2(4)EA5 (Cisco IOS), 15.2(4)EA6 (Cisco IOS), 15.2(4)EA7 (Cisco IOS), 15.2(4)EA8 (Cisco IOS), 15.2(4)EA9 (Cisco IOS), 15.2(2)EA (Cisco IOS), 15.2(4)EA9A (Cisco IOS), 15.2(6)E2a (Cisco IOS), 15.2(6)E3 (Cisco IOS), 15.2(6)Eb (Cisco IOS), 15.2(7)E0b (Cisco IOS), 15.2(7)E0s (Cisco IOS), 15.2(7)E1a (Cisco IOS), 15.2(7)E2 (Cisco IOS), 15.2(7)E3 (Cisco IOS), 15.2(7)E5 (Cisco IOS), 15.2(8)E (Cisco IOS), 15.2(8)E1 (Cisco IOS), 15.2(7)E4 (Cisco IOS), 15.2(7)E6 (Cisco IOS), 15.2(8)E2 (Cisco IOS), 15.2(7)E7 (Cisco IOS), 15.2(8)E3 (Cisco IOS), 15.2(7)E8 (Cisco IOS), 15.2(8)E4 (Cisco IOS), 15.2(7)E9 (Cisco IOS), 15.2(8)E5 (Cisco IOS), 15.2(7)E10 (Cisco IOS), 15.2(8)E6 (Cisco IOS), 15.0(2)EA (Cisco IOS), 15.0(2)EA1 (Cisco IOS), 15.2(7)E11 (Cisco IOS), 15.3(3)JPU (Cisco IOS)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3

CWE

CWE-862

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.2(5a)E1 (Cisco IOS), 15.0(2)SE8 (Cisco IOS), 15.2(2)E (Cisco IOS), 15.2(2)E1 (Cisco IOS), 15.2(3)E1 (Cisco IOS), 15.2(2)E2 (Cisco IOS), 15.2(2)E3 (Cisco IOS), 15.2(2a)E2 (Cisco IOS), 15.2(3)E2 (Cisco IOS), 15.2(3)E3 (Cisco IOS), 15.2(2)E4 (Cisco IOS), 15.2(2)E5 (Cisco IOS), 15.2(3)E4 (Cisco IOS), 15.2(5)E (Cisco IOS), 15.2(2)E6 (Cisco IOS), 15.2(5)E1 (Cisco IOS), 15.2(2)E5a (Cisco IOS), 15.2(2)E7 (Cisco IOS), 15.2(5)E2 (Cisco IOS), 15.2(6)E (Cisco IOS), 15.2(5)E2c (Cisco IOS), 15.2(6)E0a (Cisco IOS), 15.2(6)E0c (Cisco IOS), 15.2(1)EY (Cisco IOS), 15.0(2)EK (Cisco IOS), 15.0(2)EK1 (Cisco IOS), 15.2(2)EB (Cisco IOS), 15.2(2)EB1 (Cisco IOS), 15.2(2)EB2 (Cisco IOS), 15.2(4)EC1 (Cisco IOS), 15.2(4)EC2 (Cisco IOS), 15.2(2b)E (Cisco IOS), 15.2(7)E (Cisco IOS), 15.2(2)E8 (Cisco IOS), 15.2(6)E1 (Cisco IOS), 15.2(2)E9 (Cisco IOS), 15.2(6)E1a (Cisco IOS), 15.2(6)E1s (Cisco IOS), 15.2(2)E10 (Cisco IOS), 15.2(2)EA2 (Cisco IOS), 15.2(3)EA (Cisco IOS), 15.2(4)EA (Cisco IOS), 15.2(4)EA1 (Cisco IOS), 15.2(2)EA3 (Cisco IOS), 15.2(4)EA4 (Cisco IOS), 15.2(4)EA5 (Cisco IOS), 15.2(4)EA6 (Cisco IOS), 15.2(4)EA7 (Cisco IOS), 15.2(4)EA8 (Cisco IOS), 15.2(4)EA9 (Cisco IOS), 15.2(2)EA (Cisco IOS), 15.2(4)EA9A (Cisco IOS), 15.2(6)E2a (Cisco IOS), 15.2(6)E3 (Cisco IOS), 15.2(6)Eb (Cisco IOS), 15.2(7)E0b (Cisco IOS), 15.2(7)E0s (Cisco IOS), 15.2(7)E1a (Cisco IOS), 15.2(7)E2 (Cisco IOS), 15.2(7)E3 (Cisco IOS), 15.2(7)E5 (Cisco IOS), 15.2(8)E (Cisco IOS), 15.2(8)E1 (Cisco IOS), 15.2(7)E4 (Cisco IOS), 15.2(7)E6 (Cisco IOS), 15.2(8)E2 (Cisco IOS), 15.2(7)E7 (Cisco IOS), 15.2(8)E3 (Cisco IOS), 15.2(7)E8 (Cisco IOS), 15.2(8)E4 (Cisco IOS), 15.2(7)E9 (Cisco IOS), 15.2(8)E5 (Cisco IOS), 15.2(7)E10 (Cisco IOS), 15.2(8)E6 (Cisco IOS), 15.0(2)EA (Cisco IOS), 15.0(2)EA1 (Cisco IOS), 15.2(7)E11 (Cisco IOS), 15.3(3)JPU (Cisco IOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.05.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.08.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10330",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-20164",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS 15.2(5a)E1 , Cisco Systems Inc. Cisco IOS 15.0(2)SE8 , Cisco Systems Inc. Cisco IOS 15.2(2)E , Cisco Systems Inc. Cisco IOS 15.2(2)E1 , Cisco Systems Inc. Cisco IOS 15.2(3)E1 , Cisco Systems Inc. Cisco IOS 15.2(2)E2 , Cisco Systems Inc. Cisco IOS 15.2(2)E3 , Cisco Systems Inc. Cisco IOS 15.2(2a)E2 , Cisco Systems Inc. Cisco IOS 15.2(3)E2 , Cisco Systems Inc. Cisco IOS 15.2(3)E3 , Cisco Systems Inc. Cisco IOS 15.2(2)E4 , Cisco Systems Inc. Cisco IOS 15.2(2)E5 , Cisco Systems Inc. Cisco IOS 15.2(3)E4 , Cisco Systems Inc. Cisco IOS 15.2(5)E , Cisco Systems Inc. Cisco IOS 15.2(2)E6 , Cisco Systems Inc. Cisco IOS 15.2(5)E1 , Cisco Systems Inc. Cisco IOS 15.2(2)E5a , Cisco Systems Inc. Cisco IOS 15.2(2)E7 , Cisco Systems Inc. Cisco IOS 15.2(5)E2 , Cisco Systems Inc. Cisco IOS 15.2(6)E , Cisco Systems Inc. Cisco IOS 15.2(5)E2c , Cisco Systems Inc. Cisco IOS 15.2(6)E0a , Cisco Systems Inc. Cisco IOS 15.2(6)E0c , Cisco Systems Inc. Cisco IOS 15.2(1)EY , Cisco Systems Inc. Cisco IOS 15.0(2)EK , Cisco Systems Inc. Cisco IOS 15.0(2)EK1 , Cisco Systems Inc. Cisco IOS 15.2(2)EB , Cisco Systems Inc. Cisco IOS 15.2(2)EB1 , Cisco Systems Inc. Cisco IOS 15.2(2)EB2 , Cisco Systems Inc. Cisco IOS 15.2(4)EC1 , Cisco Systems Inc. Cisco IOS 15.2(4)EC2 , Cisco Systems Inc. Cisco IOS 15.2(2b)E , Cisco Systems Inc. Cisco IOS 15.2(7)E , Cisco Systems Inc. Cisco IOS 15.2(2)E8 , Cisco Systems Inc. Cisco IOS 15.2(6)E1 , Cisco Systems Inc. Cisco IOS 15.2(2)E9 , Cisco Systems Inc. Cisco IOS 15.2(6)E1a , Cisco Systems Inc. Cisco IOS 15.2(6)E1s , Cisco Systems Inc. Cisco IOS 15.2(2)E10 , Cisco Systems Inc. Cisco IOS 15.2(2)EA2 , Cisco Systems Inc. Cisco IOS 15.2(3)EA , Cisco Systems Inc. Cisco IOS 15.2(4)EA , Cisco Systems Inc. Cisco IOS 15.2(4)EA1 , Cisco Systems Inc. Cisco IOS 15.2(2)EA3 , Cisco Systems Inc. Cisco IOS 15.2(4)EA4 , Cisco Systems Inc. Cisco IOS 15.2(4)EA5 , Cisco Systems Inc. Cisco IOS 15.2(4)EA6 , Cisco Systems Inc. Cisco IOS 15.2(4)EA7 , Cisco Systems Inc. Cisco IOS 15.2(4)EA8 , Cisco Systems Inc. Cisco IOS 15.2(4)EA9 , Cisco Systems Inc. Cisco IOS 15.2(2)EA , Cisco Systems Inc. Cisco IOS 15.2(4)EA9A , Cisco Systems Inc. Cisco IOS 15.2(6)E2a , Cisco Systems Inc. Cisco IOS 15.2(6)E3 , Cisco Systems Inc. Cisco IOS 15.2(6)Eb , Cisco Systems Inc. Cisco IOS 15.2(7)E0b , Cisco Systems Inc. Cisco IOS 15.2(7)E0s , Cisco Systems Inc. Cisco IOS 15.2(7)E1a , Cisco Systems Inc. Cisco IOS 15.2(7)E2 , Cisco Systems Inc. Cisco IOS 15.2(7)E3 , Cisco Systems Inc. Cisco IOS 15.2(7)E5 , Cisco Systems Inc. Cisco IOS 15.2(8)E , Cisco Systems Inc. Cisco IOS 15.2(8)E1 , Cisco Systems Inc. Cisco IOS 15.2(7)E4 , Cisco Systems Inc. Cisco IOS 15.2(7)E6 , Cisco Systems Inc. Cisco IOS 15.2(8)E2 , Cisco Systems Inc. Cisco IOS 15.2(7)E7 , Cisco Systems Inc. Cisco IOS 15.2(8)E3 , Cisco Systems Inc. Cisco IOS 15.2(7)E8 , Cisco Systems Inc. Cisco IOS 15.2(8)E4 , Cisco Systems Inc. Cisco IOS 15.2(7)E9 , Cisco Systems Inc. Cisco IOS 15.2(8)E5 , Cisco Systems Inc. Cisco IOS 15.2(7)E10 , Cisco Systems Inc. Cisco IOS 15.2(8)E6 , Cisco Systems Inc. Cisco IOS 15.0(2)EA , Cisco Systems Inc. Cisco IOS 15.0(2)EA1 , Cisco Systems Inc. Cisco IOS 15.2(7)E11 , Cisco Systems Inc. Cisco IOS 15.3(3)JPU ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Cisco IOS \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Industrial Ethernet 2000, 4000, 4010 \u0438 5000, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 (CWE-862)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Cisco IOS \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Industrial Ethernet 2000, 4000, 4010 \u0438 5000 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-862",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}

CVE-2025-20164 (GCVE-0-2025-20164)

Vulnerability from cvelistv5 – Published: 2025-05-07 17:36 – Updated: 2026-02-26 18:28

Summary

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

Severity ?

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CWE

CWE-862 - Missing Authorization

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	IOS	Affected: 15.0(2)SE8 Affected: 15.0(2)EA Affected: 15.0(2)EA1 Affected: 15.2(2)E Affected: 15.2(2)E1 Affected: 15.2(3)E1 Affected: 15.2(2)E2 Affected: 15.2(2)E3 Affected: 15.2(2a)E2 Affected: 15.2(3)E2 Affected: 15.2(3)E3 Affected: 15.2(2)E4 Affected: 15.2(2)E5 Affected: 15.2(3)E4 Affected: 15.2(5)E Affected: 15.2(2)E6 Affected: 15.2(5)E1 Affected: 15.2(2)E5a Affected: 15.2(5a)E1 Affected: 15.2(2)E7 Affected: 15.2(5)E2 Affected: 15.2(6)E Affected: 15.2(5)E2c Affected: 15.2(2)E8 Affected: 15.2(6)E0a Affected: 15.2(6)E1 Affected: 15.2(6)E0c Affected: 15.2(2)E9 Affected: 15.2(7)E Affected: 15.2(2)E10 Affected: 15.2(6)E2a Affected: 15.2(7)E0b Affected: 15.2(7)E0s Affected: 15.2(6)E3 Affected: 15.2(7)E2 Affected: 15.2(7)E3 Affected: 15.2(7)E1a Affected: 15.2(7)E4 Affected: 15.2(8)E Affected: 15.2(8)E1 Affected: 15.2(7)E5 Affected: 15.2(7)E6 Affected: 15.2(8)E2 Affected: 15.2(7)E7 Affected: 15.2(8)E3 Affected: 15.2(7)E8 Affected: 15.2(8)E4 Affected: 15.2(7)E9 Affected: 15.2(8)E5 Affected: 15.2(8)E6 Affected: 15.2(7)E10 Affected: 15.2(7)E11 Affected: 15.2(1)EY Affected: 15.0(2)EK Affected: 15.0(2)EK1 Affected: 15.2(2)EB Affected: 15.2(2)EB1 Affected: 15.2(2)EB2 Affected: 15.2(6)EB Affected: 15.2(2)EA Affected: 15.2(2)EA2 Affected: 15.2(3)EA Affected: 15.2(4)EA Affected: 15.2(4)EA1 Affected: 15.2(2)EA3 Affected: 15.2(4)EA4 Affected: 15.2(4)EA5 Affected: 15.2(4)EA6 Affected: 15.2(4)EA7 Affected: 15.2(4)EA8 Affected: 15.2(4)EA9 Affected: 15.2(4)EA9a Affected: 15.2(4)EC1 Affected: 15.2(4)EC2 Affected: 15.3(3)JPU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20164",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T03:56:34.423573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:48.631Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IOS",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "15.0(2)SE8"
            },
            {
              "status": "affected",
              "version": "15.0(2)EA"
            },
            {
              "status": "affected",
              "version": "15.0(2)EA1"
            },
            {
              "status": "affected",
              "version": "15.2(2)E"
            },
            {
              "status": "affected",
              "version": "15.2(2)E1"
            },
            {
              "status": "affected",
              "version": "15.2(3)E1"
            },
            {
              "status": "affected",
              "version": "15.2(2)E2"
            },
            {
              "status": "affected",
              "version": "15.2(2)E3"
            },
            {
              "status": "affected",
              "version": "15.2(2a)E2"
            },
            {
              "status": "affected",
              "version": "15.2(3)E2"
            },
            {
              "status": "affected",
              "version": "15.2(3)E3"
            },
            {
              "status": "affected",
              "version": "15.2(2)E4"
            },
            {
              "status": "affected",
              "version": "15.2(2)E5"
            },
            {
              "status": "affected",
              "version": "15.2(3)E4"
            },
            {
              "status": "affected",
              "version": "15.2(5)E"
            },
            {
              "status": "affected",
              "version": "15.2(2)E6"
            },
            {
              "status": "affected",
              "version": "15.2(5)E1"
            },
            {
              "status": "affected",
              "version": "15.2(2)E5a"
            },
            {
              "status": "affected",
              "version": "15.2(5a)E1"
            },
            {
              "status": "affected",
              "version": "15.2(2)E7"
            },
            {
              "status": "affected",
              "version": "15.2(5)E2"
            },
            {
              "status": "affected",
              "version": "15.2(6)E"
            },
            {
              "status": "affected",
              "version": "15.2(5)E2c"
            },
            {
              "status": "affected",
              "version": "15.2(2)E8"
            },
            {
              "status": "affected",
              "version": "15.2(6)E0a"
            },
            {
              "status": "affected",
              "version": "15.2(6)E1"
            },
            {
              "status": "affected",
              "version": "15.2(6)E0c"
            },
            {
              "status": "affected",
              "version": "15.2(2)E9"
            },
            {
              "status": "affected",
              "version": "15.2(7)E"
            },
            {
              "status": "affected",
              "version": "15.2(2)E10"
            },
            {
              "status": "affected",
              "version": "15.2(6)E2a"
            },
            {
              "status": "affected",
              "version": "15.2(7)E0b"
            },
            {
              "status": "affected",
              "version": "15.2(7)E0s"
            },
            {
              "status": "affected",
              "version": "15.2(6)E3"
            },
            {
              "status": "affected",
              "version": "15.2(7)E2"
            },
            {
              "status": "affected",
              "version": "15.2(7)E3"
            },
            {
              "status": "affected",
              "version": "15.2(7)E1a"
            },
            {
              "status": "affected",
              "version": "15.2(7)E4"
            },
            {
              "status": "affected",
              "version": "15.2(8)E"
            },
            {
              "status": "affected",
              "version": "15.2(8)E1"
            },
            {
              "status": "affected",
              "version": "15.2(7)E5"
            },
            {
              "status": "affected",
              "version": "15.2(7)E6"
            },
            {
              "status": "affected",
              "version": "15.2(8)E2"
            },
            {
              "status": "affected",
              "version": "15.2(7)E7"
            },
            {
              "status": "affected",
              "version": "15.2(8)E3"
            },
            {
              "status": "affected",
              "version": "15.2(7)E8"
            },
            {
              "status": "affected",
              "version": "15.2(8)E4"
            },
            {
              "status": "affected",
              "version": "15.2(7)E9"
            },
            {
              "status": "affected",
              "version": "15.2(8)E5"
            },
            {
              "status": "affected",
              "version": "15.2(8)E6"
            },
            {
              "status": "affected",
              "version": "15.2(7)E10"
            },
            {
              "status": "affected",
              "version": "15.2(7)E11"
            },
            {
              "status": "affected",
              "version": "15.2(1)EY"
            },
            {
              "status": "affected",
              "version": "15.0(2)EK"
            },
            {
              "status": "affected",
              "version": "15.0(2)EK1"
            },
            {
              "status": "affected",
              "version": "15.2(2)EB"
            },
            {
              "status": "affected",
              "version": "15.2(2)EB1"
            },
            {
              "status": "affected",
              "version": "15.2(2)EB2"
            },
            {
              "status": "affected",
              "version": "15.2(6)EB"
            },
            {
              "status": "affected",
              "version": "15.2(2)EA"
            },
            {
              "status": "affected",
              "version": "15.2(2)EA2"
            },
            {
              "status": "affected",
              "version": "15.2(3)EA"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA1"
            },
            {
              "status": "affected",
              "version": "15.2(2)EA3"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA4"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA5"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA6"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA7"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA8"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA9"
            },
            {
              "status": "affected",
              "version": "15.2(4)EA9a"
            },
            {
              "status": "affected",
              "version": "15.2(4)EC1"
            },
            {
              "status": "affected",
              "version": "15.2(4)EC2"
            },
            {
              "status": "affected",
              "version": "15.3(3)JPU"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges.\r\n\r This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15.\r\n\r To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "Missing Authorization",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T17:36:33.740Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ios-http-privesc-wCRd5e3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-http-privesc-wCRd5e3",
        "defects": [
          "CSCwj97907"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20164",
    "datePublished": "2025-05-07T17:36:33.740Z",
    "dateReserved": "2024-10-10T19:15:13.218Z",
    "dateUpdated": "2026-02-26T18:28:48.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-10330

CVE-2025-20164 (GCVE-0-2025-20164)

Tags

Sightings

Nomenclature