cvelistv5 - cve-2025-20221

CVE-2025-20221 (GCVE-0-2025-20221)

Vulnerability from cvelistv5 – Published: 2025-05-07 17:38 – Updated: 2025-05-07 19:41

Summary

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software	Affected: 16.12.13 Affected: 17.1.1 Affected: 17.1.1s Affected: 17.1.1t Affected: 17.1.3 Affected: 17.2.1 Affected: 17.2.1r Affected: 17.2.1a Affected: 17.2.1v Affected: 17.2.2 Affected: 17.2.3 Affected: 17.3.1 Affected: 17.3.2 Affected: 17.3.3 Affected: 17.3.1a Affected: 17.3.2a Affected: 17.3.4 Affected: 17.3.5 Affected: 17.3.4a Affected: 17.3.6 Affected: 17.3.7 Affected: 17.3.8 Affected: 17.3.8a Affected: 17.4.1 Affected: 17.4.2 Affected: 17.4.1a Affected: 17.4.1b Affected: 17.5.1 Affected: 17.5.1a Affected: 17.6.1 Affected: 17.6.2 Affected: 17.6.1a Affected: 17.6.3 Affected: 17.6.1y Affected: 17.6.3a Affected: 17.6.4 Affected: 17.6.5 Affected: 17.6.6 Affected: 17.6.6a Affected: 17.6.5a Affected: 17.6.7 Affected: 17.6.8 Affected: 17.6.8a Affected: 17.7.1 Affected: 17.7.1a Affected: 17.7.2 Affected: 17.10.1 Affected: 17.10.1a Affected: 17.10.1b Affected: 17.8.1 Affected: 17.8.1a Affected: 17.9.1 Affected: 17.9.2 Affected: 17.9.1a Affected: 17.9.3 Affected: 17.9.2a Affected: 17.9.3a Affected: 17.9.4 Affected: 17.9.5 Affected: 17.9.4a Affected: 17.9.5a Affected: 17.9.5b Affected: 17.9.6 Affected: 17.9.6a Affected: 17.9.5e Affected: 17.9.5f Affected: 17.11.1 Affected: 17.11.1a Affected: 17.12.1 Affected: 17.12.1a Affected: 17.12.2 Affected: 17.12.3 Affected: 17.12.4 Affected: 17.12.3a Affected: 17.12.1z2 Affected: 17.12.4a Affected: 17.12.4b Affected: 17.13.1 Affected: 17.13.1a Affected: 17.14.1 Affected: 17.14.1a Affected: 17.15.1 Affected: 17.15.1a Affected: 17.15.2 Affected: 17.15.1x Affected: 17.15.2c Affected: 17.15.2b Affected: 17.16.1 Affected: 17.16.1a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T18:56:50.900282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:41:59.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.12.13"
            },
            {
              "status": "affected",
              "version": "17.1.1"
            },
            {
              "status": "affected",
              "version": "17.1.1s"
            },
            {
              "status": "affected",
              "version": "17.1.1t"
            },
            {
              "status": "affected",
              "version": "17.1.3"
            },
            {
              "status": "affected",
              "version": "17.2.1"
            },
            {
              "status": "affected",
              "version": "17.2.1r"
            },
            {
              "status": "affected",
              "version": "17.2.1a"
            },
            {
              "status": "affected",
              "version": "17.2.1v"
            },
            {
              "status": "affected",
              "version": "17.2.2"
            },
            {
              "status": "affected",
              "version": "17.2.3"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.1a"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.4a"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.7"
            },
            {
              "status": "affected",
              "version": "17.3.8"
            },
            {
              "status": "affected",
              "version": "17.3.8a"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.4.2"
            },
            {
              "status": "affected",
              "version": "17.4.1a"
            },
            {
              "status": "affected",
              "version": "17.4.1b"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.5.1a"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.1a"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.1y"
            },
            {
              "status": "affected",
              "version": "17.6.3a"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.6"
            },
            {
              "status": "affected",
              "version": "17.6.6a"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.6.7"
            },
            {
              "status": "affected",
              "version": "17.6.8"
            },
            {
              "status": "affected",
              "version": "17.6.8a"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1a"
            },
            {
              "status": "affected",
              "version": "17.10.1b"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.1a"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.9.2a"
            },
            {
              "status": "affected",
              "version": "17.9.3a"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.9.5"
            },
            {
              "status": "affected",
              "version": "17.9.4a"
            },
            {
              "status": "affected",
              "version": "17.9.5a"
            },
            {
              "status": "affected",
              "version": "17.9.5b"
            },
            {
              "status": "affected",
              "version": "17.9.6"
            },
            {
              "status": "affected",
              "version": "17.9.6a"
            },
            {
              "status": "affected",
              "version": "17.9.5e"
            },
            {
              "status": "affected",
              "version": "17.9.5f"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            },
            {
              "status": "affected",
              "version": "17.11.1a"
            },
            {
              "status": "affected",
              "version": "17.12.1"
            },
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.12.3"
            },
            {
              "status": "affected",
              "version": "17.12.4"
            },
            {
              "status": "affected",
              "version": "17.12.3a"
            },
            {
              "status": "affected",
              "version": "17.12.1z2"
            },
            {
              "status": "affected",
              "version": "17.12.4a"
            },
            {
              "status": "affected",
              "version": "17.12.4b"
            },
            {
              "status": "affected",
              "version": "17.13.1"
            },
            {
              "status": "affected",
              "version": "17.13.1a"
            },
            {
              "status": "affected",
              "version": "17.14.1"
            },
            {
              "status": "affected",
              "version": "17.14.1a"
            },
            {
              "status": "affected",
              "version": "17.15.1"
            },
            {
              "status": "affected",
              "version": "17.15.1a"
            },
            {
              "status": "affected",
              "version": "17.15.2"
            },
            {
              "status": "affected",
              "version": "17.15.1x"
            },
            {
              "status": "affected",
              "version": "17.15.2c"
            },
            {
              "status": "affected",
              "version": "17.15.2b"
            },
            {
              "status": "affected",
              "version": "17.16.1"
            },
            {
              "status": "affected",
              "version": "17.16.1a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. \r\n\r This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T17:38:49.862Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-snmp-bypass-HHUVujdn",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn"
        }
      ],
      "source": {
        "advisory": "cisco-sa-snmp-bypass-HHUVujdn",
        "defects": [
          "CSCwn25087"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20221",
    "datePublished": "2025-05-07T17:38:49.862Z",
    "dateReserved": "2024-10-10T19:15:13.233Z",
    "dateUpdated": "2025-05-07T19:41:59.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-20221\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2025-05-07T18:15:41.917\",\"lastModified\":\"2025-07-11T14:43:38.090\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. \\r\\n\\r This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en las funciones de filtrado de paquetes de Cisco IOS XE SD-WAN Software podr\u00eda permitir que un atacante remoto no autenticado eluda los filtros de tr\u00e1fico de Capa 3 y Capa 4. Esta vulnerabilidad se debe a condiciones inadecuadas de filtrado de tr\u00e1fico en un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete manipulado al dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante eludir los filtros de tr\u00e1fico de Capa 3 y Capa 4 e inyectar un paquete manipulado en la red.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E2A28A-700E-4546-AA94-2B13C925BDFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E306B09C-CB48-4067-B60C-5F738555EEAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B4D4659-A304-459F-8AB3-ED6D84B44C0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B51FA707-8DB1-4596-9122-D4BFEF17F400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04DF35A-1B6F-420A-8D84-74EB41BF3700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"211CC9B2-6108-4C50-AB31-DC527C43053E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75CCB5F1-27F5-4FF9-8389-0A9ABCF7F070\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08DCCBA3-82D2-4444-B5D3-E5FC58D024F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"128F95D7-E49F-4B36-8F47-823C0298449E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E21B3881-37E9-4C00-9336-12C9C28D1B61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B270A04-9961-4E99-806B-441CD674AFBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1360069D-0358-4746-8C3F-44C2A40988D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5DD2403-113B-4100-8BD4-90E1927E6648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAF73937-BCE2-4BEF-B4B0-83212DA4A6C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DDB1E60-C2A9-4570-BE80-F3D478A53738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B2902D8-3A7B-4C47-9BC6-8CA4C580A346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"917BA05C-2A18-4C68-B508-85C2B5A94416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06337791-7D8D-4EAA-BACC-4E270F377B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"336A8630-653C-4E28-8DE1-76CDD8573980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A1767AE-7D9F-4BAA-90E1-CF8314CD0B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A6B707B-4543-41F1-83DF-49A93BF56FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC8F611B-D347-4A21-90E6-56CF4D8A35A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9A92CE4-B4B0-4C14-AE11-8DFE511406F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"274E3E6F-4280-4EAE-B102-1BE57FE1F1D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"938B0720-8CA7-43BA-9708-5CE9EC7A565A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4BE7166-DBD3-4CE6-A14A-725FE896B85E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DE62C4B-7C06-4907-BADE-416C1618D2D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C60DF3F-DBD9-4BBF-812E-4BB0C47BDF3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.1y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B80614B-6362-45F0-B305-2F137B053DCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04D19D8C-FACF-49B4-BA99-CC3A3FDADAFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B78942C-BEE1-4D18-9075-8E1D991BF621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B306D35-4A13-4D23-8EC2-D000E8ADCDA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F21093D-1036-4F6B-B90F-ACE1EF99EA33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280D24C6-A2BF-46E8-B512-6A3FA7833922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F903F51-ABF4-49B0-A5BA-A6B51F79666F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3F244E7-8EE9-4E58-83FA-EEDD3C8F792D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5238B1D1-740D-4B37-A0CB-1B3343E55D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27E0750C-A622-49D6-A8EF-B59E2F8F1912\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2258D93E-71AA-4964-A5DF-008E3479F2A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.6.8a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"608ACC60-143B-4835-B6AC-E6C3111B4078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38B87B17-C653-40AC-8AE4-066BB1123C88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9012A66E-82C4-4ACF-A4BB-37EC54B87B50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"849C6FF1-F7C0-4021-BCA2-A791C87E4F37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7592C7E3-3735-425F-A276-9EE03224CD5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1103BE75-EB64-4A9A-801E-EDE6A1F861F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B0C2129-8149-4362-827C-A5494C9D398B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7452C7E9-6241-42C5-9A7F-13C0BD38A2B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D197445E-EC12-429C-BDD4-F63FA5C1B3E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD27DF50-9E81-4EC5-BA73-513F1DFB972C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EA3EAA-A379-467E-AF9A-FCFBACAE49C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FC63AAF-758F-4A70-9738-96E75A0A1DDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E67BE408-8DCF-491F-9EA9-E368565C1B49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9CFE98A-FBA5-4837-BBD9-3C875ECEBF1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36A5F20F-3F38-4FB9-B49D-28569EB1A763\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D2264D7-5E89-4F50-B948-FAB41D07C8BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.5b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BB8368D-B9F9-4679-8154-1174E140CA17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.5e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78EEDF40-2CDA-4147-A9F2-A5F4B8FF35EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.5f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40CEA4FC-B946-4D54-A45B-686FC02D5411\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BDBE176-04ED-48F0-BA9F-45BECFEDBE2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.9.6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94E52AA0-0A77-47DF-9600-7D5B8A6D09B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42FAEC29-D754-49D6-85F1-F5DDFAF6E80F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCE76032-948F-444F-BA5D-72A34D1CD382\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A965A2A-129C-45C3-BCB1-2860F583D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F313F2EC-F3D6-4639-934C-402DDA3DA806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AFB2CA6-8332-4E4D-BDB4-C3B770D3AD6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BF0778B-015D-481B-BAC0-40667F3453D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EEBC0EB-0DBB-4530-AFC4-AA0036469656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.1z2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E147E53-B047-429F-9E3B-04FB5F777B85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE165207-A066-44C1-B78A-6EFD80023204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1098FCEA-6A9F-4634-A0EF-EC55ABCCEA3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53B97B06-206B-42F0-B68F-5C5136EAD2B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6281EB0F-EE0E-4B06-A7A1-29460A98A8CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07650346-67D7-4805-BF81-BB145304CC87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.12.4b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C6C0D21-ABD5-42F1-B04B-745CA6115D07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8577AF01-F2C7-48D3-AB0B-78BD63A60029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.13.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD0D2D94-6470-4E4B-A1B1-0124F92AA793\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31789E98-7C8D-4C5A-8A3F-FC9AFE9A248C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.14.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A62648B-3273-4D75-8533-A5CBE1B1BCE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0174C08C-8846-45AE-83ED-E9964348FA28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.15.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E73D685D-A002-4D82-9B4C-1D6B5C0B0320\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.15.1x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4F9C74B-113E-4808-B979-7738E3A52B00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18E50D1-BAF5-4C0F-9253-774089BAA2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.15.2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E0FD5B7-69E7-43CB-A658-E05557AC2D77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.15.2c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CBDBD9B-7122-413B-8671-17AEBE56C2F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88707E5B-2040-40AB-A8D2-39D6B97E40B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.16.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F04A22BF-A461-4B5F-BB30-5F5C2FE56134\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20221\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-07T18:56:50.900282Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-07T18:56:52.535Z\"}}], \"cna\": {\"source\": {\"defects\": [\"CSCwn25087\"], \"advisory\": \"cisco-sa-snmp-bypass-HHUVujdn\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS XE Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.12.13\"}, {\"status\": \"affected\", \"version\": \"17.1.1\"}, {\"status\": \"affected\", \"version\": \"17.1.1s\"}, {\"status\": \"affected\", \"version\": \"17.1.1t\"}, {\"status\": \"affected\", \"version\": \"17.1.3\"}, {\"status\": \"affected\", \"version\": \"17.2.1\"}, {\"status\": \"affected\", \"version\": \"17.2.1r\"}, {\"status\": \"affected\", \"version\": \"17.2.1a\"}, {\"status\": \"affected\", \"version\": \"17.2.1v\"}, {\"status\": \"affected\", \"version\": \"17.2.2\"}, {\"status\": \"affected\", \"version\": \"17.2.3\"}, {\"status\": \"affected\", \"version\": \"17.3.1\"}, {\"status\": \"affected\", \"version\": \"17.3.2\"}, {\"status\": \"affected\", \"version\": \"17.3.3\"}, {\"status\": \"affected\", \"version\": \"17.3.1a\"}, {\"status\": \"affected\", \"version\": \"17.3.2a\"}, {\"status\": \"affected\", \"version\": \"17.3.4\"}, {\"status\": \"affected\", \"version\": \"17.3.5\"}, {\"status\": \"affected\", \"version\": \"17.3.4a\"}, {\"status\": \"affected\", \"version\": \"17.3.6\"}, {\"status\": \"affected\", \"version\": \"17.3.7\"}, {\"status\": \"affected\", \"version\": \"17.3.8\"}, {\"status\": \"affected\", \"version\": \"17.3.8a\"}, {\"status\": \"affected\", \"version\": \"17.4.1\"}, {\"status\": \"affected\", \"version\": \"17.4.2\"}, {\"status\": \"affected\", \"version\": \"17.4.1a\"}, {\"status\": \"affected\", \"version\": \"17.4.1b\"}, {\"status\": \"affected\", \"version\": \"17.5.1\"}, {\"status\": \"affected\", \"version\": \"17.5.1a\"}, {\"status\": \"affected\", \"version\": \"17.6.1\"}, {\"status\": \"affected\", \"version\": \"17.6.2\"}, {\"status\": \"affected\", \"version\": \"17.6.1a\"}, {\"status\": \"affected\", \"version\": \"17.6.3\"}, {\"status\": \"affected\", \"version\": \"17.6.1y\"}, {\"status\": \"affected\", \"version\": \"17.6.3a\"}, {\"status\": \"affected\", \"version\": \"17.6.4\"}, {\"status\": \"affected\", \"version\": \"17.6.5\"}, {\"status\": \"affected\", \"version\": \"17.6.6\"}, {\"status\": \"affected\", \"version\": \"17.6.6a\"}, {\"status\": \"affected\", \"version\": \"17.6.5a\"}, {\"status\": \"affected\", \"version\": \"17.6.7\"}, {\"status\": \"affected\", \"version\": \"17.6.8\"}, {\"status\": \"affected\", \"version\": \"17.6.8a\"}, {\"status\": \"affected\", \"version\": \"17.7.1\"}, {\"status\": \"affected\", \"version\": \"17.7.1a\"}, {\"status\": \"affected\", \"version\": \"17.7.2\"}, {\"status\": \"affected\", \"version\": \"17.10.1\"}, {\"status\": \"affected\", \"version\": \"17.10.1a\"}, {\"status\": \"affected\", \"version\": \"17.10.1b\"}, {\"status\": \"affected\", \"version\": \"17.8.1\"}, {\"status\": \"affected\", \"version\": \"17.8.1a\"}, {\"status\": \"affected\", \"version\": \"17.9.1\"}, {\"status\": \"affected\", \"version\": \"17.9.2\"}, {\"status\": \"affected\", \"version\": \"17.9.1a\"}, {\"status\": \"affected\", \"version\": \"17.9.3\"}, {\"status\": \"affected\", \"version\": \"17.9.2a\"}, {\"status\": \"affected\", \"version\": \"17.9.3a\"}, {\"status\": \"affected\", \"version\": \"17.9.4\"}, {\"status\": \"affected\", \"version\": \"17.9.5\"}, {\"status\": \"affected\", \"version\": \"17.9.4a\"}, {\"status\": \"affected\", \"version\": \"17.9.5a\"}, {\"status\": \"affected\", \"version\": \"17.9.5b\"}, {\"status\": \"affected\", \"version\": \"17.9.6\"}, {\"status\": \"affected\", \"version\": \"17.9.6a\"}, {\"status\": \"affected\", \"version\": \"17.9.5e\"}, {\"status\": \"affected\", \"version\": \"17.9.5f\"}, {\"status\": \"affected\", \"version\": \"17.11.1\"}, {\"status\": \"affected\", \"version\": \"17.11.1a\"}, {\"status\": \"affected\", \"version\": \"17.12.1\"}, {\"status\": \"affected\", \"version\": \"17.12.1a\"}, {\"status\": \"affected\", \"version\": \"17.12.2\"}, {\"status\": \"affected\", \"version\": \"17.12.3\"}, {\"status\": \"affected\", \"version\": \"17.12.4\"}, {\"status\": \"affected\", \"version\": \"17.12.3a\"}, {\"status\": \"affected\", \"version\": \"17.12.1z2\"}, {\"status\": \"affected\", \"version\": \"17.12.4a\"}, {\"status\": \"affected\", \"version\": \"17.12.4b\"}, {\"status\": \"affected\", \"version\": \"17.13.1\"}, {\"status\": \"affected\", \"version\": \"17.13.1a\"}, {\"status\": \"affected\", \"version\": \"17.14.1\"}, {\"status\": \"affected\", \"version\": \"17.14.1a\"}, {\"status\": \"affected\", \"version\": \"17.15.1\"}, {\"status\": \"affected\", \"version\": \"17.15.1a\"}, {\"status\": \"affected\", \"version\": \"17.15.2\"}, {\"status\": \"affected\", \"version\": \"17.15.1x\"}, {\"status\": \"affected\", \"version\": \"17.15.2c\"}, {\"status\": \"affected\", \"version\": \"17.15.2b\"}, {\"status\": \"affected\", \"version\": \"17.16.1\"}, {\"status\": \"affected\", \"version\": \"17.16.1a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\\r\\n\\r\\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn\", \"name\": \"cisco-sa-snmp-bypass-HHUVujdn\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. \\r\\n\\r This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-200\", \"description\": \"Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-05-07T17:38:49.862Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-20221\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-07T19:41:59.096Z\", \"dateReserved\": \"2024-10-10T19:15:13.233Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-05-07T17:38:49.862Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-20221

Vulnerability from fkie_nvd - Published: 2025-05-07 18:15 - Updated: 2025-07-11 14:43

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xe	16.12.13
cisco	ios_xe	17.1.1
cisco	ios_xe	17.1.1s
cisco	ios_xe	17.1.1t
cisco	ios_xe	17.1.3
cisco	ios_xe	17.2.1
cisco	ios_xe	17.2.1a
cisco	ios_xe	17.2.1r
cisco	ios_xe	17.2.1v
cisco	ios_xe	17.2.2
cisco	ios_xe	17.2.3
cisco	ios_xe	17.3.1
cisco	ios_xe	17.3.1a
cisco	ios_xe	17.3.2
cisco	ios_xe	17.3.2a
cisco	ios_xe	17.3.3
cisco	ios_xe	17.3.4
cisco	ios_xe	17.3.4a
cisco	ios_xe	17.3.5
cisco	ios_xe	17.3.6
cisco	ios_xe	17.3.7
cisco	ios_xe	17.3.8
cisco	ios_xe	17.3.8a
cisco	ios_xe	17.4.1
cisco	ios_xe	17.4.1a
cisco	ios_xe	17.4.1b
cisco	ios_xe	17.4.2
cisco	ios_xe	17.5.1
cisco	ios_xe	17.5.1a
cisco	ios_xe	17.6.1
cisco	ios_xe	17.6.1a
cisco	ios_xe	17.6.1y
cisco	ios_xe	17.6.2
cisco	ios_xe	17.6.3
cisco	ios_xe	17.6.3a
cisco	ios_xe	17.6.4
cisco	ios_xe	17.6.5
cisco	ios_xe	17.6.5a
cisco	ios_xe	17.6.6
cisco	ios_xe	17.6.6a
cisco	ios_xe	17.6.7
cisco	ios_xe	17.6.8
cisco	ios_xe	17.6.8a
cisco	ios_xe	17.7.1
cisco	ios_xe	17.7.1a
cisco	ios_xe	17.7.2
cisco	ios_xe	17.8.1
cisco	ios_xe	17.8.1a
cisco	ios_xe	17.9.1
cisco	ios_xe	17.9.1a
cisco	ios_xe	17.9.2
cisco	ios_xe	17.9.2a
cisco	ios_xe	17.9.3
cisco	ios_xe	17.9.3a
cisco	ios_xe	17.9.4
cisco	ios_xe	17.9.4a
cisco	ios_xe	17.9.5
cisco	ios_xe	17.9.5a
cisco	ios_xe	17.9.5b
cisco	ios_xe	17.9.5e
cisco	ios_xe	17.9.5f
cisco	ios_xe	17.9.6
cisco	ios_xe	17.9.6a
cisco	ios_xe	17.10.1
cisco	ios_xe	17.10.1a
cisco	ios_xe	17.10.1b
cisco	ios_xe	17.11.1
cisco	ios_xe	17.11.1a
cisco	ios_xe	17.12.1
cisco	ios_xe	17.12.1a
cisco	ios_xe	17.12.1z2
cisco	ios_xe	17.12.2
cisco	ios_xe	17.12.3
cisco	ios_xe	17.12.3a
cisco	ios_xe	17.12.4
cisco	ios_xe	17.12.4a
cisco	ios_xe	17.12.4b
cisco	ios_xe	17.13.1
cisco	ios_xe	17.13.1a
cisco	ios_xe	17.14.1
cisco	ios_xe	17.14.1a
cisco	ios_xe	17.15.1
cisco	ios_xe	17.15.1a
cisco	ios_xe	17.15.1x
cisco	ios_xe	17.15.2
cisco	ios_xe	17.15.2b
cisco	ios_xe	17.15.2c
cisco	ios_xe	17.16.1
cisco	ios_xe	17.16.1a

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E2A28A-700E-4546-AA94-2B13C925BDFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E306B09C-CB48-4067-B60C-5F738555EEAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4D4659-A304-459F-8AB3-ED6D84B44C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51FA707-8DB1-4596-9122-D4BFEF17F400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04DF35A-1B6F-420A-8D84-74EB41BF3700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*",
              "matchCriteriaId": "211CC9B2-6108-4C50-AB31-DC527C43053E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "75CCB5F1-27F5-4FF9-8389-0A9ABCF7F070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "08DCCBA3-82D2-4444-B5D3-E5FC58D024F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "128F95D7-E49F-4B36-8F47-823C0298449E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E21B3881-37E9-4C00-9336-12C9C28D1B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B270A04-9961-4E99-806B-441CD674AFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360069D-0358-4746-8C3F-44C2A40988D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DD2403-113B-4100-8BD4-90E1927E6648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF73937-BCE2-4BEF-B4B0-83212DA4A6C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DDB1E60-C2A9-4570-BE80-F3D478A53738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2902D8-3A7B-4C47-9BC6-8CA4C580A346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "917BA05C-2A18-4C68-B508-85C2B5A94416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "06337791-7D8D-4EAA-BACC-4E270F377B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "336A8630-653C-4E28-8DE1-76CDD8573980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A1767AE-7D9F-4BAA-90E1-CF8314CD0B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6B707B-4543-41F1-83DF-49A93BF56FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC8F611B-D347-4A21-90E6-56CF4D8A35A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9A92CE4-B4B0-4C14-AE11-8DFE511406F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "274E3E6F-4280-4EAE-B102-1BE57FE1F1D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "938B0720-8CA7-43BA-9708-5CE9EC7A565A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE7166-DBD3-4CE6-A14A-725FE896B85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE62C4B-7C06-4907-BADE-416C1618D2D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C60DF3F-DBD9-4BBF-812E-4BB0C47BDF3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1y:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B80614B-6362-45F0-B305-2F137B053DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D19D8C-FACF-49B4-BA99-CC3A3FDADAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B78942C-BEE1-4D18-9075-8E1D991BF621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B306D35-4A13-4D23-8EC2-D000E8ADCDA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F21093D-1036-4F6B-B90F-ACE1EF99EA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "280D24C6-A2BF-46E8-B512-6A3FA7833922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F903F51-ABF4-49B0-A5BA-A6B51F79666F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F244E7-8EE9-4E58-83FA-EEDD3C8F792D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5238B1D1-740D-4B37-A0CB-1B3343E55D05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E0750C-A622-49D6-A8EF-B59E2F8F1912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2258D93E-71AA-4964-A5DF-008E3479F2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "608ACC60-143B-4835-B6AC-E6C3111B4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38B87B17-C653-40AC-8AE4-066BB1123C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "9012A66E-82C4-4ACF-A4BB-37EC54B87B50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "849C6FF1-F7C0-4021-BCA2-A791C87E4F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7592C7E3-3735-425F-A276-9EE03224CD5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1103BE75-EB64-4A9A-801E-EDE6A1F861F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C2129-8149-4362-827C-A5494C9D398B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7452C7E9-6241-42C5-9A7F-13C0BD38A2B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D197445E-EC12-429C-BDD4-F63FA5C1B3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD27DF50-9E81-4EC5-BA73-513F1DFB972C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EA3EAA-A379-467E-AF9A-FCFBACAE49C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC63AAF-758F-4A70-9738-96E75A0A1DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67BE408-8DCF-491F-9EA9-E368565C1B49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9CFE98A-FBA5-4837-BBD9-3C875ECEBF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36A5F20F-3F38-4FB9-B49D-28569EB1A763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D2264D7-5E89-4F50-B948-FAB41D07C8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB8368D-B9F9-4679-8154-1174E140CA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "78EEDF40-2CDA-4147-A9F2-A5F4B8FF35EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.5f:*:*:*:*:*:*:*",
              "matchCriteriaId": "40CEA4FC-B946-4D54-A45B-686FC02D5411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BDBE176-04ED-48F0-BA9F-45BECFEDBE2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E52AA0-0A77-47DF-9600-7D5B8A6D09B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "42FAEC29-D754-49D6-85F1-F5DDFAF6E80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCE76032-948F-444F-BA5D-72A34D1CD382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A965A2A-129C-45C3-BCB1-2860F583D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F313F2EC-F3D6-4639-934C-402DDA3DA806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFB2CA6-8332-4E4D-BDB4-C3B770D3AD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF0778B-015D-481B-BAC0-40667F3453D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EEBC0EB-0DBB-4530-AFC4-AA0036469656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.1z2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E147E53-B047-429F-9E3B-04FB5F777B85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE165207-A066-44C1-B78A-6EFD80023204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1098FCEA-6A9F-4634-A0EF-EC55ABCCEA3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B97B06-206B-42F0-B68F-5C5136EAD2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6281EB0F-EE0E-4B06-A7A1-29460A98A8CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "07650346-67D7-4805-BF81-BB145304CC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.12.4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C6C0D21-ABD5-42F1-B04B-745CA6115D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8577AF01-F2C7-48D3-AB0B-78BD63A60029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.13.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0D2D94-6470-4E4B-A1B1-0124F92AA793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31789E98-7C8D-4C5A-8A3F-FC9AFE9A248C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.14.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A62648B-3273-4D75-8533-A5CBE1B1BCE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0174C08C-8846-45AE-83ED-E9964348FA28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.15.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73D685D-A002-4D82-9B4C-1D6B5C0B0320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.15.1x:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F9C74B-113E-4808-B979-7738E3A52B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18E50D1-BAF5-4C0F-9253-774089BAA2EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.15.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E0FD5B7-69E7-43CB-A658-E05557AC2D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.15.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBDBD9B-7122-413B-8671-17AEBE56C2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88707E5B-2040-40AB-A8D2-39D6B97E40B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.16.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04A22BF-A461-4B5F-BB30-5F5C2FE56134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. \r\n\r This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en las funciones de filtrado de paquetes de Cisco IOS XE SD-WAN Software podr\u00eda permitir que un atacante remoto no autenticado eluda los filtros de tr\u00e1fico de Capa 3 y Capa 4. Esta vulnerabilidad se debe a condiciones inadecuadas de filtrado de tr\u00e1fico en un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete manipulado al dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante eludir los filtros de tr\u00e1fico de Capa 3 y Capa 4 e inyectar un paquete manipulado en la red."
    }
  ],
  "id": "CVE-2025-20221",
  "lastModified": "2025-07-11T14:43:38.090",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-07T18:15:41.917",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

CISCO-SA-SNMP-BYPASS-HHUVUJDN

Vulnerability from csaf_cisco - Published: 2025-05-07 16:00 - Updated: 2025-09-22 14:12

Summary

Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability

Notes

Summary

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279"].

Vulnerable Products

Cisco IOS XE Software At the time of publication, this vulnerability affected universal Cisco IOS XE Software releases 17.2.1r and later that were running in Controller mode. Cisco IOS XE Software releases earlier than Release 17.2.1r are not affected by this vulnerability because they do not include the SD-WAN feature. At the time of publication, this vulnerability also affected the following standalone Cisco IOS XE SD-WAN Software releases: 16.9.1 through 16.9.4 16.10.1 through 16.10.5 16.11.1a 16.12.2r through 16.12.4 Note: The standalone Cisco IOS XE SD-WAN release images are separate from the universal Cisco IOS XE Software releases. The SD-WAN feature set was first integrated into the universal Cisco IOS XE Software releases starting with Cisco IOS XE Software Release 17.2.1r. For more information, see the Install and Upgrade Cisco IOS XE Catalyst SD-WAN Release 17.2.1r and Later ["https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/install-upgrade-17-2-later.html"] chapter of the Cisco Catalyst SD-WAN Getting Started Guide. Cisco IOS XE cEdge Routers At the time of publication, this vulnerability affected Cisco SD-WAN cEdge Routers with Simple Network Management Protocol (SNMP) enabled on any SD-WAN Tunnel interface. If SNMP is not enabled, the device is not affected by this vulnerability. For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software ["#fs"] section of this advisory. Determine the Device Configuration To determine whether a device has SNMP version 1 (SNMPv1) or Community-based SNMP version 2 (SNMPv2c) enabled, use the show running-config | include snmp-server community CLI command. If there is output, SNMP is enabled, as shown in the following example: Router# show running-config | include snmp-server community snmp-server community public ro To determine whether a device has SNMP version 3 (SNMPv3) enabled, use the show running-config | include snmp-server group and show snmp user CLI commands. If there is output from both commands, SNMPv3 is enabled, as shown in the following example: Router# show running-config | include snmp-server group snmp-server group v3group v3 noauth Router# show snmp user User name: remoteuser1 Engine ID: 800000090300EE01E71C178C storage-type: nonvolatile active Authentication Protocol: SHA Privacy Protocol: None Group-name: v3group

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: IOS Software Meraki NX-OS Software

Workarounds

There is a workaround that addresses this vulnerability. To remediate this issue, make one of the following changes from the Cisco SD-WAN Manager interface: Configure an extended access control list (ACL) to block and allow specific ingress and egress traffic to and from the device. For instructions, see Configure ACL to Block/Match Traffic on cEdges with vManage Policy ["https://www.cisco.com/c/en/us/support/docs/routers/catalyst-8000v-edge-software/218102-configure-acl-to-block-match-traffic-on.html"]. Configure a device access policy to be pushed down to the edge devices to block unsolicited SNMP traffic. When configuring the policy, consider that SNMPv3 authorization must happen before any response is sent to a host that sends a request. For instructions, see the Device Access Policy ["https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/device-access-policy.html"] chapter of the Cisco Catalyst SD-WAN Policies Configuration Guide. If the device is not in Controller mode or the device does not have SD-WAN enabled, the device is not affected by this vulnerability. While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Fixed Software

Cisco considers any workarounds and mitigations to be temporary solutions until an upgrade to a fixed software release is available. To fully remediate this vulnerability and avoid future exposure as described in this advisory, Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory. Cisco IOS and IOS XE Software To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"]. This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies (“Combined First Fixed”). To use the tool, go to the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] page and follow the instructions. Alternatively, use the following form to determine whether a release is affected by any Cisco Security Advisory. To use the form, follow these steps: Choose which advisories the tool will search—only this advisory, only advisories with a Critical or High Security Impact Rating (SIR) ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"], or all advisories. Enter a release number—for example, 15.9(3)M2 or 17.3.3. Click Check. Only this advisory All Critical and High advisories All advisories

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory. The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank the external researcher who reported this vulnerability.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank the external researcher who reported this vulnerability."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters.\r\n\r\nThis vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.\r\n\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.\r\n\r\n\r\n\r\nThis advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279\"].",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Cisco IOS XE Software\r\nAt the time of publication, this vulnerability affected universal Cisco IOS XE Software releases 17.2.1r and later that were running in Controller mode. Cisco IOS XE Software releases earlier than Release 17.2.1r are not affected by this vulnerability because they do not include the SD-WAN feature.\r\n\r\nAt the time of publication, this vulnerability also affected the following standalone Cisco IOS XE SD-WAN Software releases:\r\n\r\n16.9.1 through 16.9.4\r\n16.10.1 through 16.10.5\r\n16.11.1a\r\n16.12.2r through 16.12.4\r\n\r\nNote: The standalone Cisco IOS XE SD-WAN release images are separate from the universal Cisco IOS XE Software releases. The SD-WAN feature set was first integrated into the universal Cisco IOS XE Software releases starting with Cisco IOS XE Software Release 17.2.1r. For more information, see the Install and Upgrade Cisco IOS XE Catalyst SD-WAN Release 17.2.1r and Later [\"https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/install-upgrade-17-2-later.html\"] chapter of the Cisco Catalyst SD-WAN Getting Started Guide.\r\n  Cisco IOS XE cEdge Routers\r\nAt the time of publication, this vulnerability affected Cisco SD-WAN cEdge Routers with Simple Network Management Protocol (SNMP) enabled on any SD-WAN Tunnel interface. If SNMP is not enabled, the device is not affected by this vulnerability.\r\n\r\nFor information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software [\"#fs\"] section of this advisory.\r\n\r\nDetermine the Device Configuration\r\n\r\nTo determine whether a device has SNMP version 1 (SNMPv1) or Community-based SNMP version 2 (SNMPv2c) enabled, use the show running-config | include snmp-server community CLI command. If there is output, SNMP is enabled, as shown in the following example:\r\n\r\n\r\nRouter# show running-config | include snmp-server community\r\nsnmp-server community public ro\r\n\r\nTo determine whether a device has SNMP version 3 (SNMPv3) enabled, use the show running-config | include snmp-server group and show snmp user CLI commands. If there is output from both commands, SNMPv3 is enabled, as shown in the following example:\r\n\r\n\r\nRouter# show running-config | include snmp-server group\r\nsnmp-server group v3group v3 noauth\r\nRouter# show snmp user\r\nUser name: remoteuser1\r\nEngine ID: 800000090300EE01E71C178C\r\nstorage-type: nonvolatile     active\r\nAuthentication Protocol: SHA\r\nPrivacy Protocol: None\r\nGroup-name: v3group",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nIOS Software\r\nMeraki\r\nNX-OS Software",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There is a workaround that addresses this vulnerability.\r\n\r\nTo remediate this issue, make one of the following changes from the Cisco SD-WAN Manager interface:\r\n\r\nConfigure an extended access control list (ACL) to block and allow specific ingress and egress traffic to and from the device. For instructions, see Configure ACL to Block/Match Traffic on cEdges with vManage Policy [\"https://www.cisco.com/c/en/us/support/docs/routers/catalyst-8000v-edge-software/218102-configure-acl-to-block-match-traffic-on.html\"].\r\nConfigure a device access policy to be pushed down to the edge devices to block unsolicited SNMP traffic. When configuring the policy, consider that SNMPv3 authorization must happen before any response is sent to a host that sends a request. For instructions, see the Device Access Policy [\"https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/device-access-policy.html\"] chapter of the Cisco Catalyst SD-WAN Policies Configuration Guide.\r\n\r\nIf the device is not in Controller mode or the device does not have SD-WAN enabled, the device is not affected by this vulnerability.\r\n\r\nWhile this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco considers any workarounds and mitigations to be temporary solutions until an upgrade to a fixed software release is available. To fully remediate this vulnerability and avoid future exposure as described in this advisory, Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory.\r\n      Cisco IOS and IOS XE Software\r\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"]. This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (\u201cFirst Fixed\u201d). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies (\u201cCombined First Fixed\u201d).\r\n\r\nTo use the tool, go to the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] page and follow the instructions. Alternatively, use the following form to determine whether a release is affected by any Cisco Security Advisory. To use the form, follow these steps:\r\n\r\nChoose which advisories the tool will search\u2014only this advisory, only advisories with a Critical or High Security Impact Rating (SIR) [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#asr\"], or all advisories.\r\nEnter a release number\u2014for example, 15.9(3)M2 or 17.3.3.\r\nClick Check.\r\n\r\n       Only this advisory  All Critical and High advisories  All advisories",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank the external researcher who reported this vulnerability.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn"
      },
      {
        "category": "external",
        "summary": "Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication",
        "url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "Install and Upgrade Cisco IOS XE Catalyst SD-WAN Release 17.2.1r and Later",
        "url": "https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/install-upgrade-17-2-later.html"
      },
      {
        "category": "external",
        "summary": "Configure ACL to Block/Match Traffic on cEdges with vManage Policy",
        "url": "https://www.cisco.com/c/en/us/support/docs/routers/catalyst-8000v-edge-software/218102-configure-acl-to-block-match-traffic-on.html"
      },
      {
        "category": "external",
        "summary": "Device Access Policy",
        "url": "https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/device-access-policy.html"
      },
      {
        "category": "external",
        "summary": "Cisco Software Checker",
        "url": "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"
      },
      {
        "category": "external",
        "summary": "Security Impact Rating (SIR)",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#asr"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2025-09-22T14:12:28+00:00",
      "generator": {
        "date": "2025-09-22T14:12:33+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-snmp-bypass-HHUVujdn",
      "initial_release_date": "2025-05-07T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2025-05-07T15:52:56+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2025-09-22T14:12:28+00:00",
          "number": "1.1.0",
          "summary": "Clarified the vulnerable configuration."
        }
      ],
      "status": "final",
      "version": "1.1.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "16.12.13",
                    "product": {
                      "name": "16.12.13",
                      "product_id": "CSAFPID-303041"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.12.14",
                    "product": {
                      "name": "16.12.14",
                      "product_id": "CSAFPID-305303"
                    }
                  }
                ],
                "category": "product_version",
                "name": "16.12"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.1.1",
                    "product": {
                      "name": "17.1.1",
                      "product_id": "CSAFPID-245377"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.1.1s",
                    "product": {
                      "name": "17.1.1s",
                      "product_id": "CSAFPID-274818"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.1.2",
                    "product": {
                      "name": "17.1.2",
                      "product_id": "CSAFPID-277338"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.1.1t",
                    "product": {
                      "name": "17.1.1t",
                      "product_id": "CSAFPID-277348"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.1.3",
                    "product": {
                      "name": "17.1.3",
                      "product_id": "CSAFPID-280652"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.1"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.2.1",
                    "product": {
                      "name": "17.2.1",
                      "product_id": "CSAFPID-251225"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.2.1r",
                    "product": {
                      "name": "17.2.1r",
                      "product_id": "CSAFPID-277194"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.2.1a",
                    "product": {
                      "name": "17.2.1a",
                      "product_id": "CSAFPID-277343"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.2.1v",
                    "product": {
                      "name": "17.2.1v",
                      "product_id": "CSAFPID-278002"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.2.2",
                    "product": {
                      "name": "17.2.2",
                      "product_id": "CSAFPID-278504"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.2.3",
                    "product": {
                      "name": "17.2.3",
                      "product_id": "CSAFPID-280939"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.2"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.3.1",
                    "product": {
                      "name": "17.3.1",
                      "product_id": "CSAFPID-254712"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.2",
                    "product": {
                      "name": "17.3.2",
                      "product_id": "CSAFPID-277099"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.3",
                    "product": {
                      "name": "17.3.3",
                      "product_id": "CSAFPID-278019"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.1a",
                    "product": {
                      "name": "17.3.1a",
                      "product_id": "CSAFPID-279338"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.2a",
                    "product": {
                      "name": "17.3.2a",
                      "product_id": "CSAFPID-280555"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.4",
                    "product": {
                      "name": "17.3.4",
                      "product_id": "CSAFPID-282028"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.5",
                    "product": {
                      "name": "17.3.5",
                      "product_id": "CSAFPID-282115"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.4a",
                    "product": {
                      "name": "17.3.4a",
                      "product_id": "CSAFPID-284178"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.6",
                    "product": {
                      "name": "17.3.6",
                      "product_id": "CSAFPID-284331"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.7",
                    "product": {
                      "name": "17.3.7",
                      "product_id": "CSAFPID-290671"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.8",
                    "product": {
                      "name": "17.3.8",
                      "product_id": "CSAFPID-295398"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.3.8a",
                    "product": {
                      "name": "17.3.8a",
                      "product_id": "CSAFPID-300847"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.3"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.4.1",
                    "product": {
                      "name": "17.4.1",
                      "product_id": "CSAFPID-262588"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.4.2",
                    "product": {
                      "name": "17.4.2",
                      "product_id": "CSAFPID-278020"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.4.1a",
                    "product": {
                      "name": "17.4.1a",
                      "product_id": "CSAFPID-280770"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.4.1b",
                    "product": {
                      "name": "17.4.1b",
                      "product_id": "CSAFPID-280899"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.4.1c",
                    "product": {
                      "name": "17.4.1c",
                      "product_id": "CSAFPID-282116"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.4"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.5.1",
                    "product": {
                      "name": "17.5.1",
                      "product_id": "CSAFPID-262590"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.5.1a",
                    "product": {
                      "name": "17.5.1a",
                      "product_id": "CSAFPID-282046"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.5.1b",
                    "product": {
                      "name": "17.5.1b",
                      "product_id": "CSAFPID-290596"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.5.1c",
                    "product": {
                      "name": "17.5.1c",
                      "product_id": "CSAFPID-292698"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.5"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.6.1",
                    "product": {
                      "name": "17.6.1",
                      "product_id": "CSAFPID-262592"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.2",
                    "product": {
                      "name": "17.6.2",
                      "product_id": "CSAFPID-282117"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.1a",
                    "product": {
                      "name": "17.6.1a",
                      "product_id": "CSAFPID-284179"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.3",
                    "product": {
                      "name": "17.6.3",
                      "product_id": "CSAFPID-286409"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.1y",
                    "product": {
                      "name": "17.6.1y",
                      "product_id": "CSAFPID-286477"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.3a",
                    "product": {
                      "name": "17.6.3a",
                      "product_id": "CSAFPID-286594"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.4",
                    "product": {
                      "name": "17.6.4",
                      "product_id": "CSAFPID-287087"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.5",
                    "product": {
                      "name": "17.6.5",
                      "product_id": "CSAFPID-290660"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.6",
                    "product": {
                      "name": "17.6.6",
                      "product_id": "CSAFPID-292656"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.6a",
                    "product": {
                      "name": "17.6.6a",
                      "product_id": "CSAFPID-300848"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.5a",
                    "product": {
                      "name": "17.6.5a",
                      "product_id": "CSAFPID-300850"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.7",
                    "product": {
                      "name": "17.6.7",
                      "product_id": "CSAFPID-300851"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.8",
                    "product": {
                      "name": "17.6.8",
                      "product_id": "CSAFPID-301722"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.6.8a",
                    "product": {
                      "name": "17.6.8a",
                      "product_id": "CSAFPID-302974"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.6"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.7.1",
                    "product": {
                      "name": "17.7.1",
                      "product_id": "CSAFPID-277357"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.7.1a",
                    "product": {
                      "name": "17.7.1a",
                      "product_id": "CSAFPID-285329"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.7.2",
                    "product": {
                      "name": "17.7.2",
                      "product_id": "CSAFPID-286534"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.7"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.10.1",
                    "product": {
                      "name": "17.10.1",
                      "product_id": "CSAFPID-278018"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.10.1a",
                    "product": {
                      "name": "17.10.1a",
                      "product_id": "CSAFPID-290580"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.10.1b",
                    "product": {
                      "name": "17.10.1b",
                      "product_id": "CSAFPID-292650"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.10"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.8.1",
                    "product": {
                      "name": "17.8.1",
                      "product_id": "CSAFPID-278023"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.8.1a",
                    "product": {
                      "name": "17.8.1a",
                      "product_id": "CSAFPID-286486"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.8"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.9.1",
                    "product": {
                      "name": "17.9.1",
                      "product_id": "CSAFPID-278025"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.2",
                    "product": {
                      "name": "17.9.2",
                      "product_id": "CSAFPID-288221"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.1a",
                    "product": {
                      "name": "17.9.1a",
                      "product_id": "CSAFPID-288247"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.3",
                    "product": {
                      "name": "17.9.3",
                      "product_id": "CSAFPID-290674"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.2a",
                    "product": {
                      "name": "17.9.2a",
                      "product_id": "CSAFPID-290675"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.3a",
                    "product": {
                      "name": "17.9.3a",
                      "product_id": "CSAFPID-295198"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.4",
                    "product": {
                      "name": "17.9.4",
                      "product_id": "CSAFPID-295412"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.5",
                    "product": {
                      "name": "17.9.5",
                      "product_id": "CSAFPID-300263"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.4a",
                    "product": {
                      "name": "17.9.4a",
                      "product_id": "CSAFPID-300845"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.5a",
                    "product": {
                      "name": "17.9.5a",
                      "product_id": "CSAFPID-301278"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.5b",
                    "product": {
                      "name": "17.9.5b",
                      "product_id": "CSAFPID-301619"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.6",
                    "product": {
                      "name": "17.9.6",
                      "product_id": "CSAFPID-301723"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.5d",
                    "product": {
                      "name": "17.9.5d",
                      "product_id": "CSAFPID-302784"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.6a",
                    "product": {
                      "name": "17.9.6a",
                      "product_id": "CSAFPID-302891"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.5e",
                    "product": {
                      "name": "17.9.5e",
                      "product_id": "CSAFPID-303047"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.5f",
                    "product": {
                      "name": "17.9.5f",
                      "product_id": "CSAFPID-303316"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.9.7b",
                    "product": {
                      "name": "17.9.7b",
                      "product_id": "CSAFPID-306388"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.9"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.11.1",
                    "product": {
                      "name": "17.11.1",
                      "product_id": "CSAFPID-286799"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.11.1a",
                    "product": {
                      "name": "17.11.1a",
                      "product_id": "CSAFPID-294838"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.11"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.12.1",
                    "product": {
                      "name": "17.12.1",
                      "product_id": "CSAFPID-286801"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.1a",
                    "product": {
                      "name": "17.12.1a",
                      "product_id": "CSAFPID-300012"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.2",
                    "product": {
                      "name": "17.12.2",
                      "product_id": "CSAFPID-300834"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.3",
                    "product": {
                      "name": "17.12.3",
                      "product_id": "CSAFPID-300936"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.4",
                    "product": {
                      "name": "17.12.4",
                      "product_id": "CSAFPID-301716"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.3a",
                    "product": {
                      "name": "17.12.3a",
                      "product_id": "CSAFPID-302628"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.1z2",
                    "product": {
                      "name": "17.12.1z2",
                      "product_id": "CSAFPID-302964"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.4a",
                    "product": {
                      "name": "17.12.4a",
                      "product_id": "CSAFPID-303024"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.4b",
                    "product": {
                      "name": "17.12.4b",
                      "product_id": "CSAFPID-303308"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.12.5c",
                    "product": {
                      "name": "17.12.5c",
                      "product_id": "CSAFPID-306389"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.12"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.13.1",
                    "product": {
                      "name": "17.13.1",
                      "product_id": "CSAFPID-295359"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.13.1a",
                    "product": {
                      "name": "17.13.1a",
                      "product_id": "CSAFPID-300947"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.13"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.14.1",
                    "product": {
                      "name": "17.14.1",
                      "product_id": "CSAFPID-295361"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.14.1a",
                    "product": {
                      "name": "17.14.1a",
                      "product_id": "CSAFPID-301611"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.14"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.15.1",
                    "product": {
                      "name": "17.15.1",
                      "product_id": "CSAFPID-300938"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.15.1a",
                    "product": {
                      "name": "17.15.1a",
                      "product_id": "CSAFPID-302682"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.15.2",
                    "product": {
                      "name": "17.15.2",
                      "product_id": "CSAFPID-302782"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.15.1x",
                    "product": {
                      "name": "17.15.1x",
                      "product_id": "CSAFPID-302851"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.15.2c",
                    "product": {
                      "name": "17.15.2c",
                      "product_id": "CSAFPID-303212"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.15.2b",
                    "product": {
                      "name": "17.15.2b",
                      "product_id": "CSAFPID-303311"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.15"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.16.1",
                    "product": {
                      "name": "17.16.1",
                      "product_id": "CSAFPID-301219"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "17.16.1a",
                    "product": {
                      "name": "17.16.1a",
                      "product_id": "CSAFPID-302979"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.16"
              }
            ],
            "category": "product_family",
            "name": "Cisco IOS XE Software"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20221",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwn25087"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-245377",
          "CSAFPID-251225",
          "CSAFPID-254712",
          "CSAFPID-262588",
          "CSAFPID-262590",
          "CSAFPID-262592",
          "CSAFPID-274818",
          "CSAFPID-277099",
          "CSAFPID-277194",
          "CSAFPID-277338",
          "CSAFPID-277343",
          "CSAFPID-277348",
          "CSAFPID-277357",
          "CSAFPID-278002",
          "CSAFPID-278018",
          "CSAFPID-278019",
          "CSAFPID-278020",
          "CSAFPID-278023",
          "CSAFPID-278025",
          "CSAFPID-278504",
          "CSAFPID-279338",
          "CSAFPID-280555",
          "CSAFPID-280652",
          "CSAFPID-280770",
          "CSAFPID-280899",
          "CSAFPID-280939",
          "CSAFPID-282028",
          "CSAFPID-282046",
          "CSAFPID-282115",
          "CSAFPID-282116",
          "CSAFPID-282117",
          "CSAFPID-284178",
          "CSAFPID-284179",
          "CSAFPID-284331",
          "CSAFPID-285329",
          "CSAFPID-286409",
          "CSAFPID-286477",
          "CSAFPID-286486",
          "CSAFPID-286534",
          "CSAFPID-286594",
          "CSAFPID-286799",
          "CSAFPID-286801",
          "CSAFPID-287087",
          "CSAFPID-288221",
          "CSAFPID-288247",
          "CSAFPID-290580",
          "CSAFPID-290596",
          "CSAFPID-290660",
          "CSAFPID-290671",
          "CSAFPID-290674",
          "CSAFPID-290675",
          "CSAFPID-292650",
          "CSAFPID-292656",
          "CSAFPID-292698",
          "CSAFPID-294838",
          "CSAFPID-295198",
          "CSAFPID-295359",
          "CSAFPID-295361",
          "CSAFPID-295398",
          "CSAFPID-295412",
          "CSAFPID-300012",
          "CSAFPID-300263",
          "CSAFPID-300834",
          "CSAFPID-300845",
          "CSAFPID-300847",
          "CSAFPID-300848",
          "CSAFPID-300850",
          "CSAFPID-300851",
          "CSAFPID-300936",
          "CSAFPID-300938",
          "CSAFPID-300947",
          "CSAFPID-301219",
          "CSAFPID-301278",
          "CSAFPID-301611",
          "CSAFPID-301619",
          "CSAFPID-301716",
          "CSAFPID-301722",
          "CSAFPID-301723",
          "CSAFPID-302628",
          "CSAFPID-302682",
          "CSAFPID-302782",
          "CSAFPID-302784",
          "CSAFPID-302851",
          "CSAFPID-302891",
          "CSAFPID-302964",
          "CSAFPID-302974",
          "CSAFPID-302979",
          "CSAFPID-303024",
          "CSAFPID-303041",
          "CSAFPID-303047",
          "CSAFPID-303212",
          "CSAFPID-303308",
          "CSAFPID-303311",
          "CSAFPID-303316",
          "CSAFPID-305303",
          "CSAFPID-306388",
          "CSAFPID-306389"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-245377",
            "CSAFPID-251225",
            "CSAFPID-254712",
            "CSAFPID-262588",
            "CSAFPID-262590",
            "CSAFPID-262592",
            "CSAFPID-274818",
            "CSAFPID-277099",
            "CSAFPID-277194",
            "CSAFPID-277338",
            "CSAFPID-277343",
            "CSAFPID-277348",
            "CSAFPID-277357",
            "CSAFPID-278002",
            "CSAFPID-278018",
            "CSAFPID-278019",
            "CSAFPID-278020",
            "CSAFPID-278023",
            "CSAFPID-278025",
            "CSAFPID-278504",
            "CSAFPID-279338",
            "CSAFPID-280555",
            "CSAFPID-280652",
            "CSAFPID-280770",
            "CSAFPID-280899",
            "CSAFPID-280939",
            "CSAFPID-282028",
            "CSAFPID-282046",
            "CSAFPID-282115",
            "CSAFPID-282116",
            "CSAFPID-282117",
            "CSAFPID-284178",
            "CSAFPID-284179",
            "CSAFPID-284331",
            "CSAFPID-285329",
            "CSAFPID-286409",
            "CSAFPID-286477",
            "CSAFPID-286486",
            "CSAFPID-286534",
            "CSAFPID-286594",
            "CSAFPID-286799",
            "CSAFPID-286801",
            "CSAFPID-287087",
            "CSAFPID-288221",
            "CSAFPID-288247",
            "CSAFPID-290580",
            "CSAFPID-290596",
            "CSAFPID-290660",
            "CSAFPID-290671",
            "CSAFPID-290674",
            "CSAFPID-290675",
            "CSAFPID-292650",
            "CSAFPID-292656",
            "CSAFPID-292698",
            "CSAFPID-294838",
            "CSAFPID-295198",
            "CSAFPID-295359",
            "CSAFPID-295361",
            "CSAFPID-295398",
            "CSAFPID-295412",
            "CSAFPID-300012",
            "CSAFPID-300263",
            "CSAFPID-300834",
            "CSAFPID-300845",
            "CSAFPID-300847",
            "CSAFPID-300848",
            "CSAFPID-300850",
            "CSAFPID-300851",
            "CSAFPID-300936",
            "CSAFPID-300938",
            "CSAFPID-300947",
            "CSAFPID-301219",
            "CSAFPID-301278",
            "CSAFPID-301611",
            "CSAFPID-301619",
            "CSAFPID-301716",
            "CSAFPID-301722",
            "CSAFPID-301723",
            "CSAFPID-302628",
            "CSAFPID-302682",
            "CSAFPID-302782",
            "CSAFPID-302784",
            "CSAFPID-302851",
            "CSAFPID-302891",
            "CSAFPID-302964",
            "CSAFPID-302974",
            "CSAFPID-302979",
            "CSAFPID-303024",
            "CSAFPID-303041",
            "CSAFPID-303047",
            "CSAFPID-303212",
            "CSAFPID-303308",
            "CSAFPID-303311",
            "CSAFPID-303316",
            "CSAFPID-305303",
            "CSAFPID-306388",
            "CSAFPID-306389"
          ],
          "url": "https://software.cisco.com"
        },
        {
          "category": "workaround",
          "details": "There is a workaround that addresses this vulnerability.\r\n\r\nTo remediate this issue, make one of the following changes from the Cisco SD-WAN Manager interface:\r\n\r\nConfigure an extended access control list (ACL) to block and allow specific ingress and egress traffic to and from the device. For instructions, see Configure ACL to Block/Match Traffic on cEdges with vManage Policy [\"https://www.cisco.com/c/en/us/support/docs/routers/catalyst-8000v-edge-software/218102-configure-acl-to-block-match-traffic-on.html\"].\r\nConfigure a device access policy to be pushed down to the edge devices to block unsolicited SNMP traffic. When configuring the policy, consider that SNMPv3 authorization must happen before any response is sent to a host that sends a request. For instructions, see the Device Access Policy [\"https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/device-access-policy.html\"] chapter of the Cisco Catalyst SD-WAN Policies Configuration Guide.\r\n\r\nIf the device is not in Controller mode or the device does not have SD-WAN enabled, the device is not affected by this vulnerability.\r\n\r\nWhile this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
          "product_ids": [
            "CSAFPID-245377",
            "CSAFPID-251225",
            "CSAFPID-254712",
            "CSAFPID-262588",
            "CSAFPID-262590",
            "CSAFPID-262592",
            "CSAFPID-274818",
            "CSAFPID-277099",
            "CSAFPID-277194",
            "CSAFPID-277338",
            "CSAFPID-277343",
            "CSAFPID-277348",
            "CSAFPID-277357",
            "CSAFPID-278002",
            "CSAFPID-278018",
            "CSAFPID-278019",
            "CSAFPID-278020",
            "CSAFPID-278023",
            "CSAFPID-278025",
            "CSAFPID-278504",
            "CSAFPID-279338",
            "CSAFPID-280555",
            "CSAFPID-280652",
            "CSAFPID-280770",
            "CSAFPID-280899",
            "CSAFPID-280939",
            "CSAFPID-282028",
            "CSAFPID-282046",
            "CSAFPID-282115",
            "CSAFPID-282116",
            "CSAFPID-282117",
            "CSAFPID-284178",
            "CSAFPID-284179",
            "CSAFPID-284331",
            "CSAFPID-285329",
            "CSAFPID-286409",
            "CSAFPID-286477",
            "CSAFPID-286486",
            "CSAFPID-286534",
            "CSAFPID-286594",
            "CSAFPID-286799",
            "CSAFPID-286801",
            "CSAFPID-287087",
            "CSAFPID-288221",
            "CSAFPID-288247",
            "CSAFPID-290580",
            "CSAFPID-290596",
            "CSAFPID-290660",
            "CSAFPID-290671",
            "CSAFPID-290674",
            "CSAFPID-290675",
            "CSAFPID-292650",
            "CSAFPID-292656",
            "CSAFPID-292698",
            "CSAFPID-294838",
            "CSAFPID-295198",
            "CSAFPID-295359",
            "CSAFPID-295361",
            "CSAFPID-295398",
            "CSAFPID-295412",
            "CSAFPID-300012",
            "CSAFPID-300263",
            "CSAFPID-300834",
            "CSAFPID-300845",
            "CSAFPID-300847",
            "CSAFPID-300848",
            "CSAFPID-300850",
            "CSAFPID-300851",
            "CSAFPID-300936",
            "CSAFPID-300938",
            "CSAFPID-300947",
            "CSAFPID-301219",
            "CSAFPID-301278",
            "CSAFPID-301611",
            "CSAFPID-301619",
            "CSAFPID-301716",
            "CSAFPID-301722",
            "CSAFPID-301723",
            "CSAFPID-302628",
            "CSAFPID-302682",
            "CSAFPID-302782",
            "CSAFPID-302784",
            "CSAFPID-302851",
            "CSAFPID-302891",
            "CSAFPID-302964",
            "CSAFPID-302974",
            "CSAFPID-302979",
            "CSAFPID-303024",
            "CSAFPID-303041",
            "CSAFPID-303047",
            "CSAFPID-303212",
            "CSAFPID-303308",
            "CSAFPID-303311",
            "CSAFPID-303316",
            "CSAFPID-305303",
            "CSAFPID-306388",
            "CSAFPID-306389"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-245377",
            "CSAFPID-251225",
            "CSAFPID-254712",
            "CSAFPID-262588",
            "CSAFPID-262590",
            "CSAFPID-262592",
            "CSAFPID-274818",
            "CSAFPID-277099",
            "CSAFPID-277194",
            "CSAFPID-277338",
            "CSAFPID-277343",
            "CSAFPID-277348",
            "CSAFPID-277357",
            "CSAFPID-278002",
            "CSAFPID-278018",
            "CSAFPID-278019",
            "CSAFPID-278020",
            "CSAFPID-278023",
            "CSAFPID-278025",
            "CSAFPID-278504",
            "CSAFPID-279338",
            "CSAFPID-280555",
            "CSAFPID-280652",
            "CSAFPID-280770",
            "CSAFPID-280899",
            "CSAFPID-280939",
            "CSAFPID-282028",
            "CSAFPID-282046",
            "CSAFPID-282115",
            "CSAFPID-282116",
            "CSAFPID-282117",
            "CSAFPID-284178",
            "CSAFPID-284179",
            "CSAFPID-284331",
            "CSAFPID-285329",
            "CSAFPID-286409",
            "CSAFPID-286477",
            "CSAFPID-286486",
            "CSAFPID-286534",
            "CSAFPID-286594",
            "CSAFPID-286799",
            "CSAFPID-286801",
            "CSAFPID-287087",
            "CSAFPID-288221",
            "CSAFPID-288247",
            "CSAFPID-290580",
            "CSAFPID-290596",
            "CSAFPID-290660",
            "CSAFPID-290671",
            "CSAFPID-290674",
            "CSAFPID-290675",
            "CSAFPID-292650",
            "CSAFPID-292656",
            "CSAFPID-292698",
            "CSAFPID-294838",
            "CSAFPID-295198",
            "CSAFPID-295359",
            "CSAFPID-295361",
            "CSAFPID-295398",
            "CSAFPID-295412",
            "CSAFPID-300012",
            "CSAFPID-300263",
            "CSAFPID-300834",
            "CSAFPID-300845",
            "CSAFPID-300847",
            "CSAFPID-300848",
            "CSAFPID-300850",
            "CSAFPID-300851",
            "CSAFPID-300936",
            "CSAFPID-300938",
            "CSAFPID-300947",
            "CSAFPID-301219",
            "CSAFPID-301278",
            "CSAFPID-301611",
            "CSAFPID-301619",
            "CSAFPID-301716",
            "CSAFPID-301722",
            "CSAFPID-301723",
            "CSAFPID-302628",
            "CSAFPID-302682",
            "CSAFPID-302782",
            "CSAFPID-302784",
            "CSAFPID-302851",
            "CSAFPID-302891",
            "CSAFPID-302964",
            "CSAFPID-302974",
            "CSAFPID-302979",
            "CSAFPID-303024",
            "CSAFPID-303041",
            "CSAFPID-303047",
            "CSAFPID-303212",
            "CSAFPID-303308",
            "CSAFPID-303311",
            "CSAFPID-303316",
            "CSAFPID-305303",
            "CSAFPID-306388",
            "CSAFPID-306389"
          ]
        }
      ],
      "title": "Cisco IOS XE cEdge Information Disclosure Vulnerability"
    }
  ]
}

GHSA-5983-2QRF-RPH2

Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30

Details

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters.

This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-20221"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-07T18:15:41Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. \n\n This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.",
  "id": "GHSA-5983-2qrf-rph2",
  "modified": "2025-05-07T18:30:49Z",
  "published": "2025-05-07T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20221"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2025-0983

Vulnerability from csaf_certbund - Published: 2025-05-07 22:00 - Updated: 2025-05-07 22:00

Summary

Cisco IOS XE SD-WAN Software: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das für Cisco Geräte wie z. B. Router und Switches eingesetzt wird.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco IOS XE SD-WAN Software ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das f\u00fcr Cisco Ger\u00e4te wie z. B. Router und Switches eingesetzt wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco IOS XE SD-WAN Software ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0983 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0983.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0983 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0983"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-snmp-bypass-HHUVujdn vom 2025-05-07",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn"
      }
    ],
    "source_lang": "en-US",
    "title": "Cisco IOS XE SD-WAN Software: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2025-05-07T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-08T11:19:16.896+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0983",
      "initial_release_date": "2025-05-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=17.2.1r",
                "product": {
                  "name": "Cisco IOS XE \u003e=17.2.1r",
                  "product_id": "T043487"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=17.2.1r",
                "product": {
                  "name": "Cisco IOS XE \u003e=17.2.1r",
                  "product_id": "T043487-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=SD-WAN 16.9.1",
                "product": {
                  "name": "Cisco IOS XE \u003e=SD-WAN 16.9.1",
                  "product_id": "T043488"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=SD-WAN 16.9.1",
                "product": {
                  "name": "Cisco IOS XE \u003e=SD-WAN 16.9.1",
                  "product_id": "T043488-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=SD-WAN 16.9.4",
                "product": {
                  "name": "Cisco IOS XE \u003c=SD-WAN 16.9.4",
                  "product_id": "T043489"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=SD-WAN 16.9.4",
                "product": {
                  "name": "Cisco IOS XE \u003c=SD-WAN 16.9.4",
                  "product_id": "T043489-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=SD-WAN 16.10.1",
                "product": {
                  "name": "Cisco IOS XE \u003e=SD-WAN 16.10.1",
                  "product_id": "T043490"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=SD-WAN 16.10.1",
                "product": {
                  "name": "Cisco IOS XE \u003e=SD-WAN 16.10.1",
                  "product_id": "T043490-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=SD-WAN 16.10.5",
                "product": {
                  "name": "Cisco IOS XE \u003c=SD-WAN 16.10.5",
                  "product_id": "T043491"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=SD-WAN 16.10.5",
                "product": {
                  "name": "Cisco IOS XE \u003c=SD-WAN 16.10.5",
                  "product_id": "T043491-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "= SD-WAN 16.11.1a",
                "product": {
                  "name": "Cisco IOS XE = SD-WAN 16.11.1a",
                  "product_id": "T043492",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:cisco:ios_xe:sd-wan_16.11.1a"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=SD-WAN 16.12.2r",
                "product": {
                  "name": "Cisco IOS XE \u003e=SD-WAN 16.12.2r",
                  "product_id": "T043493"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=SD-WAN 16.12.2r",
                "product": {
                  "name": "Cisco IOS XE \u003e=SD-WAN 16.12.2r",
                  "product_id": "T043493-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=SD-WAN 16.12.4",
                "product": {
                  "name": "Cisco IOS XE \u003c=SD-WAN 16.12.4",
                  "product_id": "T043494"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=SD-WAN 16.12.4",
                "product": {
                  "name": "Cisco IOS XE \u003c=SD-WAN 16.12.4",
                  "product_id": "T043494-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "IOS XE"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-20221",
      "product_status": {
        "known_affected": [
          "T043492"
        ],
        "last_affected": [
          "T043489",
          "T043491",
          "T043494"
        ]
      },
      "release_date": "2025-05-07T22:00:00.000+00:00",
      "title": "CVE-2025-20221"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-20221 (GCVE-0-2025-20221)

FKIE_CVE-2025-20221

CISCO-SA-SNMP-BYPASS-HHUVUJDN

GHSA-5983-2QRF-RPH2

WID-SEC-W-2025-0983

Tags

Sightings

Nomenclature