Logo NCSC
NCSC | Beveiligingsadviezen

Beveiligingsadviezen

Download

Beveilingsadvies; NCSC-2025-0264 [1.0.0]

Beveiligingsadvies
NCSC-2025-0264 [1.0.0]
Publicatie
15-08-2025 08:52
Prioriteit
Normaal
Betreft
Kwetsbaarheden verholpen in Cisco Secure Firewall Software

Kenmerken

  • Improper Neutralization of Expression/Command Delimiters
  • Internal Asset Exposed to Unsafe Debug Access Level or State
  • Improper Neutralization of Data within XPath Expressions ('XPath Injection')
  • Improper Validation of Specified Type of Input
  • Improper Handling of Values
  • Double Free
  • Integer Overflow to Buffer Overflow
  • Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Improper Resource Shutdown or Release
  • Missing Authorization
  • Improper Access Control
  • Missing Release of Memory after Effective Lifetime
  • Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Loop with Unreachable Exit Condition ('Infinite Loop')
  • Improper Input Validation
  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Omschrijving

Cisco heeft meerdere kwetsbaarheden verholpen in Cisco Secure Firewall Software (inclusief ASA en FTD).

De kwetsbaarheden bevinden zich in de manier waarop Cisco Secure Firewall de sleutel uitwisseling afhandeld (IKEv2), hiermee is het mogelijk voor een ongeauthenticeerde aanvaller om een Denial-of-Service aanval uit te voeren. De kwetsbaarheid met kenmerk CVE-2025-20265 bevind zich in de implementatie van het RADIUS-subsysteem, hierdoor is het mogelijk voor een ongeauthenticeerde kwaadwillende om willekeurige commando's uit te voeren op het onderliggende systeem.

Oplossingen

Cisco heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Referenties

CVE's

Producten

Cisco
Cisco Firepower Management Center Appliances unknown known_affected
Cisco Firepower Threat Defense Software 7.7.0 known_affected
Cisco Secure Firewall 3100 Series unknown known_affected
Cisco Secure Firewall 4200 Series unknown known_affected
Cisco Adaptive Security Appliance (ASA) Software 9.23.1 known_affected
Cisco Adaptive Security Virtual Appliance (ASAv) unknown known_affected

Disclaimer

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.