Download
Beveilingsadvies; NCSC-2025-0297 [1.0.1]
- Beveiligingsadvies
- NCSC-2025-0297 [1.0.1]
- Publicatie
- 25-09-2025 12:42 (Europe/Amsterdam)
- Prioriteit
- Normaal
- Betreft
- Kwetsbaarheden verholpen in Cisco IOS en Cisco IOS XE Software
Revisies
| Versie | Datum | Opmerking | |
|---|---|---|---|
| 1.0.1 | 25-09-2025 10:42 | CVE-2025-20352 blijkt actief te zijn misbruikt. Deze informatie toegevoegd. | |
| 1.0.0 | 25-09-2025 09:20 | Initiele versie | Bekijken |
Kenmerken
- CWE-19
- Path Traversal: '.../...//'
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- Stack-based Buffer Overflow
- Improper Neutralization of Parameter/Argument Delimiters
- Improper Handling of Undefined Values
- Improper Access Control
- Improper Authentication
- Incomplete Cleanup
- Incomplete Denylist to Cross-Site Scripting
- Buffer Access with Incorrect Length Value
- Loop with Unreachable Exit Condition ('Infinite Loop')
- Improper Validation of Specified Type of Input
Omschrijving
Cisco heeft kwetsbaarheden verholpen in Cisco IOS en Cisco IOS XE Software.
De kwetsbaarheden omvatten verschillende problemen, waaronder een buffer overflow in de command-line interface (CLI) die kan leiden tot onverwachte herstarts van apparaten en een kwetsbaarheid in de TACACS+ protocolimplementatie die ongeauthenticeerde aanvallers in staat stelt om gevoelige gegevens te benaderen. Daarnaast zijn er kwetsbaarheden in de web UI die kunnen leiden tot cross-site scripting (XSS) aanvallen en een probleem in de NBAR-functie dat kan resulteren in een denial of service (DoS) door het versturen van gemanipuleerde CAPWAP-pakketten. Ook zijn er kwetsbaarheden in de SNMP-subsystemen die kunnen leiden tot ongeautoriseerde toegang en systeemdisruptie.
Cisco vermeldt dat de kwetsbaarheid met kenmerk CVE-2025-20352 actief is misbruikt. Deze kwetsbaarheid stelt een kwaadwillende die in het bezit is van een read-only community string (SNMPv1/2) of geldige authenticatie (SNMPv3) een Denial-of-Service kan veroorzaken, of mogelijk willekeurige commando's kan uitvoeren met root-rechten. Voor dat laatste dient de kwaadwillende wel over administrator-rechten te beschikken.
Oplossingen
Cisco heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Referenties
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-9800cl-openscep-SB4xtxzP
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-PtmD7bgy
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-acl-L4K7VXgD
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-cli-EB7cZ6yO
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-invalid-url-dos-Nvxszf6u
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJw
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4e
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nbar-dos-LAvwTmeT
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secboot-UqFD8AvC
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-xss-VWyDgjOU
CVE's
- CVE-2025-20149 - CVSS (v3) 6.5
- CVE-2025-20160 - CVSS (v3) 8.1
- CVE-2025-20240 - CVSS (v3) 6.1
- CVE-2025-20293 - CVSS (v3) 5.3
- CVE-2025-20311 - CVSS (v3) 7.4
- CVE-2025-20312 - CVSS (v3) 7.7
- CVE-2025-20313 - CVSS (v3) 6.7
- CVE-2025-20314 - CVSS (v3) 6.7
- CVE-2025-20315 - CVSS (v3) 8.6
- CVE-2025-20316 - CVSS (v3) 5.3
- CVE-2025-20327 - CVSS (v3) 7.7
- CVE-2025-20334 - CVSS (v3) 8.8
- CVE-2025-20338 - CVSS (v3) 6.0
- CVE-2025-20352 - CVSS (v3) 7.7
Producten
Cisco
| Cisco 1000 Series Integrated Services Routers | * | known_affected |
| Cisco 1100 Series Industrial Integrated Services Routers | * | known_affected |
| Cisco 4000 Series Integrated Services Routers | * | known_affected |
| Cisco Cloud Services Router 1000V Series | * | known_affected |
| Cisco IOS XE Catalyst SD-WAN | * | known_affected |
| IOS | * | known_affected |
| iOS XE | * | known_affected |
Disclaimer
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.