Vulnerability-Lookup

CVE-2025-20137 (GCVE-0-2025-20137)

Vulnerability from cvelistv5 – Published: 2025-05-07 17:31 – Updated: 2025-05-07 19:45

Summary

A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	IOS	Affected: 15.2(5a)E Affected: 15.2(5b)E Affected: 15.2(5c)E Affected: 15.2(6)E Affected: 15.2(6)E1 Affected: 15.2(6)E0c Affected: 15.2(6)E2 Affected: 15.2(7)E Affected: 15.2(6)E2b Affected: 15.2(7)E1 Affected: 15.2(7)E0a Affected: 15.2(7)E0s Affected: 15.2(6)E3 Affected: 15.2(7)E2 Affected: 15.2(7a)E0b Affected: 15.2(7)E3 Affected: 15.2(7)E1a Affected: 15.2(7b)E0b Affected: 15.2(7)E4 Affected: 15.2(7)E3k Affected: 15.2(8)E Affected: 15.2(8)E1 Affected: 15.2(7)E5 Affected: 15.2(7)E6 Affected: 15.2(8)E2 Affected: 15.2(7)E7 Affected: 15.2(8)E3 Affected: 15.2(7)E8 Affected: 15.2(8)E4 Affected: 15.2(7)E9 Affected: 15.2(8)E5 Affected: 15.2(8)E6 Affected: 15.2(7)E10 Affected: 15.2(7)E11 Affected: 15.2(7)E12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T18:56:17.944241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:45:55.934Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IOS",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "15.2(5a)E"
            },
            {
              "status": "affected",
              "version": "15.2(5b)E"
            },
            {
              "status": "affected",
              "version": "15.2(5c)E"
            },
            {
              "status": "affected",
              "version": "15.2(6)E"
            },
            {
              "status": "affected",
              "version": "15.2(6)E1"
            },
            {
              "status": "affected",
              "version": "15.2(6)E0c"
            },
            {
              "status": "affected",
              "version": "15.2(6)E2"
            },
            {
              "status": "affected",
              "version": "15.2(7)E"
            },
            {
              "status": "affected",
              "version": "15.2(6)E2b"
            },
            {
              "status": "affected",
              "version": "15.2(7)E1"
            },
            {
              "status": "affected",
              "version": "15.2(7)E0a"
            },
            {
              "status": "affected",
              "version": "15.2(7)E0s"
            },
            {
              "status": "affected",
              "version": "15.2(6)E3"
            },
            {
              "status": "affected",
              "version": "15.2(7)E2"
            },
            {
              "status": "affected",
              "version": "15.2(7a)E0b"
            },
            {
              "status": "affected",
              "version": "15.2(7)E3"
            },
            {
              "status": "affected",
              "version": "15.2(7)E1a"
            },
            {
              "status": "affected",
              "version": "15.2(7b)E0b"
            },
            {
              "status": "affected",
              "version": "15.2(7)E4"
            },
            {
              "status": "affected",
              "version": "15.2(7)E3k"
            },
            {
              "status": "affected",
              "version": "15.2(8)E"
            },
            {
              "status": "affected",
              "version": "15.2(8)E1"
            },
            {
              "status": "affected",
              "version": "15.2(7)E5"
            },
            {
              "status": "affected",
              "version": "15.2(7)E6"
            },
            {
              "status": "affected",
              "version": "15.2(8)E2"
            },
            {
              "status": "affected",
              "version": "15.2(7)E7"
            },
            {
              "status": "affected",
              "version": "15.2(8)E3"
            },
            {
              "status": "affected",
              "version": "15.2(7)E8"
            },
            {
              "status": "affected",
              "version": "15.2(8)E4"
            },
            {
              "status": "affected",
              "version": "15.2(7)E9"
            },
            {
              "status": "affected",
              "version": "15.2(8)E5"
            },
            {
              "status": "affected",
              "version": "15.2(8)E6"
            },
            {
              "status": "affected",
              "version": "15.2(7)E10"
            },
            {
              "status": "affected",
              "version": "15.2(7)E11"
            },
            {
              "status": "affected",
              "version": "15.2(7)E12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\r\n\r Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T17:31:45.590Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ipsgacl-pg6qfZk",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ipsgacl-pg6qfZk",
        "defects": [
          "CSCwm03838"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20137",
    "datePublished": "2025-05-07T17:31:45.590Z",
    "dateReserved": "2024-10-10T19:15:13.213Z",
    "dateUpdated": "2025-05-07T19:45:55.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20137\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-07T18:56:17.944241Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-07T18:56:19.336Z\"}}], \"cna\": {\"source\": {\"defects\": [\"CSCwm03838\"], \"advisory\": \"cisco-sa-ipsgacl-pg6qfZk\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"IOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.2(5a)E\"}, {\"status\": \"affected\", \"version\": \"15.2(5b)E\"}, {\"status\": \"affected\", \"version\": \"15.2(5c)E\"}, {\"status\": \"affected\", \"version\": \"15.2(6)E\"}, {\"status\": \"affected\", \"version\": \"15.2(6)E1\"}, {\"status\": \"affected\", \"version\": \"15.2(6)E0c\"}, {\"status\": \"affected\", \"version\": \"15.2(6)E2\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E\"}, {\"status\": \"affected\", \"version\": \"15.2(6)E2b\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E1\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E0a\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E0s\"}, {\"status\": \"affected\", \"version\": \"15.2(6)E3\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E2\"}, {\"status\": \"affected\", \"version\": \"15.2(7a)E0b\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E3\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E1a\"}, {\"status\": \"affected\", \"version\": \"15.2(7b)E0b\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E4\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E3k\"}, {\"status\": \"affected\", \"version\": \"15.2(8)E\"}, {\"status\": \"affected\", \"version\": \"15.2(8)E1\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E5\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E6\"}, {\"status\": \"affected\", \"version\": \"15.2(8)E2\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E7\"}, {\"status\": \"affected\", \"version\": \"15.2(8)E3\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E8\"}, {\"status\": \"affected\", \"version\": \"15.2(8)E4\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E9\"}, {\"status\": \"affected\", \"version\": \"15.2(8)E5\"}, {\"status\": \"affected\", \"version\": \"15.2(8)E6\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E10\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E11\"}, {\"status\": \"affected\", \"version\": \"15.2(7)E12\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk\", \"name\": \"cisco-sa-ipsgacl-pg6qfZk\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.\\r\\n\\r This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\\r\\n\\r Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-05-07T17:31:45.590Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-20137\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-07T19:45:55.934Z\", \"dateReserved\": \"2024-10-10T19:15:13.213Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-05-07T17:31:45.590Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-20137

Vulnerability from fkie_nvd - Published: 2025-05-07 18:15 - Updated: 2025-08-05 14:08

Severity ?

4.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios	15.2\(5a\)e
cisco	ios	15.2\(5b\)e
cisco	ios	15.2\(5c\)e
cisco	ios	15.2\(6\)e
cisco	ios	15.2\(6\)e0c
cisco	ios	15.2\(6\)e1
cisco	ios	15.2\(6\)e2
cisco	ios	15.2\(6\)e2b
cisco	ios	15.2\(6\)e3
cisco	ios	15.2\(7\)e
cisco	ios	15.2\(7\)e0a
cisco	ios	15.2\(7\)e0s
cisco	ios	15.2\(7\)e1
cisco	ios	15.2\(7\)e1a
cisco	ios	15.2\(7\)e2
cisco	ios	15.2\(7\)e3
cisco	ios	15.2\(7\)e3k
cisco	ios	15.2\(7\)e4
cisco	ios	15.2\(7\)e5
cisco	ios	15.2\(7\)e6
cisco	ios	15.2\(7\)e7
cisco	ios	15.2\(7\)e8
cisco	ios	15.2\(7\)e9
cisco	ios	15.2\(7\)e10
cisco	ios	15.2\(7\)e11
cisco	ios	15.2\(7\)e12
cisco	ios	15.2\(7a\)e0b
cisco	ios	15.2\(7b\)e0b
cisco	ios	15.2\(8\)e
cisco	ios	15.2\(8\)e1
cisco	ios	15.2\(8\)e2
cisco	ios	15.2\(8\)e3
cisco	ios	15.2\(8\)e4
cisco	ios	15.2\(8\)e5
cisco	ios	15.2\(8\)e6
cisco	catalyst_1000-16fp-2g-l	-
cisco	catalyst_1000-16p-2g-l	-
cisco	catalyst_1000-16t-2g-l	-
cisco	catalyst_1000-16t-e-2g-l	-
cisco	catalyst_1000-24fp-4g-l	-
cisco	catalyst_1000-24fp-4x-l	-
cisco	catalyst_1000-24p-4g-l	-
cisco	catalyst_1000-24p-4x-l	-
cisco	catalyst_1000-24pp-4g-l	-
cisco	catalyst_1000-24t-4g-l	-
cisco	catalyst_1000-24t-4x-l	-
cisco	catalyst_1000-48fp-4g-l	-
cisco	catalyst_1000-48fp-4x-l	-
cisco	catalyst_1000-48p-4g-l	-
cisco	catalyst_1000-48p-4x-l	-
cisco	catalyst_1000-48pp-4g-l	-
cisco	catalyst_1000-48t-4g-l	-
cisco	catalyst_1000-48t-4x-l	-
cisco	catalyst_1000-8fp-2g-l	-
cisco	catalyst_1000-8fp-e-2g-l	-
cisco	catalyst_1000-8p-2g-l	-
cisco	catalyst_1000-8p-e-2g-l	-
cisco	catalyst_1000-8t-2g-l	-
cisco	catalyst_1000-8t-e-2g-l	-
cisco	catalyst_1000fe-24p-4g-l	-
cisco	catalyst_1000fe-24t-4g-l	-
cisco	catalyst_1000fe-48p-4g-l	-
cisco	catalyst_1000fe-48t-4g-l	-
cisco	catalyst_2960l-16ps-ll	-
cisco	catalyst_2960l-16ts-ll	-
cisco	catalyst_2960l-24pq-ll	-
cisco	catalyst_2960l-24ps-ll	-
cisco	catalyst_2960l-24tq-ll	-
cisco	catalyst_2960l-24ts-ll	-
cisco	catalyst_2960l-48pq-ll	-
cisco	catalyst_2960l-48ps-ll	-
cisco	catalyst_2960l-48tq-ll	-
cisco	catalyst_2960l-48ts-ll	-
cisco	catalyst_2960l-8ps-ll	-
cisco	catalyst_2960l-8ts-ll	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5a\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A2EB46D-16E0-4C31-8634-C33D70B5381A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5b\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29B2E6F-ED6C-4568-9042-7A1BD96A9E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5c\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "7803B445-FE22-4D4B-9F3A-68EFE528195E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "199DCF1B-8A1E-47CC-87A6-64E6F21D8886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD05109E-1183-419D-96A1-9CD5EA5ECC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C73A3A-4B84-476F-AC3C-81DCB527E29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEE2C71-C401-43D1-86DC-725FE5FDF87E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2842F6-4CD5-457C-AC75-241A5AB9534B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABE0470-E94A-4CAF-865D-73E2607A0DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6437E689-A049-4D48-AB7A-49CA7EBDE8B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "110B699D-169E-4932-A480-6EBB90CAE94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4862C453-8BD7-4D53-B2D6-CE3E44A4915A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C4E1F4-AD64-418C-A308-85501E0F3EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "27EF41C6-A0D0-4149-BC5D-B31C4F5CC6D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57ED9CDC-FC03-4DA7-A791-CE61D0D8364D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F980EFA3-BB92-49D3-8D5F-2804BB44ABB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e3k:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6D0AA7-E879-4303-AB2D-4FEF3574B60E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "345C9300-CAC2-4427-A6B4-8DBC72573E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64BFCF66-DE06-46DA-8F9D-60A446DC0F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BDF6ABA-F0A4-423F-9056-A57C6A074137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e7:*:*:*:*:*:*:*",
              "matchCriteriaId": "956FE25C-3CB8-4479-850D-719827123A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e8:*:*:*:*:*:*:*",
              "matchCriteriaId": "23ABB581-90EF-4F6C-9778-735932D2B08D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3FD874-5EDF-48E0-A5AC-415A620C1FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e10:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F396D6-9B6E-4E6A-B561-9822DB13C7AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e11:*:*:*:*:*:*:*",
              "matchCriteriaId": "21887E28-6DED-4E1D-BC96-FED6461B95F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAD4038-60A1-43ED-98EA-534B42134FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7a\\)e0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "1374E243-4EC2-4A81-991C-B5705135CAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7b\\)e0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ECA6101-94BA-4209-8243-A56AF02963EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF00927-80B0-4BE3-BF7C-E663A5E7763A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9795E31D-A642-4100-A980-CD49C291AB7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83C79479-27C6-4273-BC80-70395D609197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28ACC494-2B4B-4BCE-9275-B7B10CC69B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8BB9098-7C1D-4776-8B1F-EF4A0461CCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e5:*:*:*:*:*:*:*",
              "matchCriteriaId": "602A88C0-30D1-4B63-A8F7-EF1D35350897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3AE0C5-D071-44B4-B820-422296FDC259",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-16fp-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE31650-EA77-4AE9-85CD-CB6C1E1E0562",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-16p-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0DF028-9DE9-4BD9-ACDF-72D54E1898C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-16t-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9F0B2AE-113D-49FC-A4DB-2A7F35678BC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-16t-e-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC581974-585A-4204-8BB0-B0C56C04EA61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24fp-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8D14468-6577-4142-B312-70BE052BB62E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24fp-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "411965A9-9F29-49D6-A402-76F5AA430891",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24p-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8208BCD-7591-4A7E-B5D0-FC875FF51238",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24p-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6DA9249-EEFE-48D8-B94A-845A6C8C5EC0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24pp-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ECC7217-C2F5-4742-8559-4254FF649192",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24t-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF6F3CD-8D92-426D-923C-9282EECF440E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-24t-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B9CA88-B777-40D3-9094-C321A9B68245",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48fp-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E73625-3AE9-4A57-A5C1-9F5CB30913E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48fp-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "359594EB-19B7-448C-901A-E0D7F6F49738",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48p-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07FB42D3-1876-4535-B969-4F7DCEB425C6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48p-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEAFC00-8B8A-4D2E-85D7-2366F0C76093",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48pp-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "946E34A8-F960-4878-80B7-A0FC6A50CB13",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48t-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "993C14D0-710B-4BE6-BC66-C35D071C0089",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-48t-4x-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28C4B25-2244-4A6A-AF69-FFCCD6A693C6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8fp-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7981F467-B780-44CE-ACD3-175B0BEF1D79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8fp-e-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB0A67A-FDCC-4F6A-B1C8-DA26D7D11231",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8p-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24849156-10B7-4FF9-B825-EAD3BF864724",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8p-e-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A245CDAE-B426-4FC3-A35E-96E09C5E4607",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8t-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1456D7-700B-4833-B530-15CEF6FCA99D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000-8t-e-2g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2EE6830-7F52-4FCD-AA08-F3BDABE5E7E2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-24p-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA79F243-5BD0-40FB-ADAC-A7E92DA1B1FD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-24t-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70BFCEF9-B808-4CC8-BA50-E6F8CF83C238",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-48p-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2994E19-2B1E-445E-8C1B-6BAC67F28028",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_1000fe-48t-4g-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF8C04C-B259-408C-80B7-77BBF5606BCE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-16ps-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "923B1623-2A33-497B-9238-3F4699E8E4AA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-16ts-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "762B1BA4-69FC-4977-A0A8-9323660674A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24pq-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "343AD12E-387D-4494-9665-45384927C043",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24ps-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F249629F-1A5C-4C12-B956-552A2526A836",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24tq-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F7347D-C59F-4432-8706-A49732F691D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-24ts-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9AF097-09D6-4388-85EA-5954BD40D6B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48pq-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7CB5149-90DE-4C56-B252-0BE74CB84B19",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48ps-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "949533D3-6500-49BA-BE55-42E1506D3DD6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48tq-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26876A8C-F6C9-4FBA-8085-DD9A042CF77D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-48ts-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E5B561-02A2-4F79-8E28-E6A2B5C4F09D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-8ps-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBE7411-BD02-47A8-99BC-6B701B60A61B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_2960l-8ts-ll:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96195B6B-C869-4DEF-AB5D-704B3D2FC76E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\r\n\r Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la programaci\u00f3n de la lista de control de acceso (ACL) del software Cisco IOS, que se ejecuta en los switches Cisco Catalyst 1000 y Cisco Catalyst 2960L, podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe al uso de una ACL IPv4 y una ACL din\u00e1mica de IP Source Guard en la misma interfaz, una configuraci\u00f3n no compatible. Un atacante podr\u00eda explotar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle omitir una ACL en el dispositivo afectado. Nota: La documentaci\u00f3n de Cisco se ha actualizado para reflejar que esta es una configuraci\u00f3n no compatible. Sin embargo, Cisco publica este aviso porque el dispositivo no impedir\u00e1 que un administrador configure ambas funciones en la misma interfaz. No hay planes para implementar la capacidad de configurar ambas funciones en la misma interfaz en los switches Cisco Catalyst 1000 o Catalyst 2960L."
    }
  ],
  "id": "CVE-2025-20137",
  "lastModified": "2025-08-05T14:08:32.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-07T18:15:36.473",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

GHSA-X37R-WQWH-97QM

Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30

Details

This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.

Severity ?

4.7 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-20137"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-07T18:15:36Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.\n\n This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\n\n Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.",
  "id": "GHSA-x37r-wqwh-97qm",
  "modified": "2025-05-07T18:30:48Z",
  "published": "2025-05-07T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20137"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2025-15478

Vulnerability from cnvd - Published: 2025-07-11

Title

Cisco IOS访问控制错误漏洞（CNVD-2025-15478）

Description

Cisco IOS是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS存在访问控制错误漏洞，该漏洞源于访问控制列表配置不当，攻击者可利用该漏洞导致绕过ACL限制。

Severity

低

Patch Name

Cisco IOS访问控制错误漏洞（CNVD-2025-15478）的补丁

Patch Description

Cisco IOS是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS存在访问控制错误漏洞，该漏洞源于访问控制列表配置不当，攻击者可利用该漏洞导致绕过ACL限制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.cisco.com/c/en/us/support/index.html

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk

Impacted products

Name
Cisco Cisco IOS

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-20137",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-20137"
    }
  },
  "description": "Cisco IOS\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco IOS\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u914d\u7f6e\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7ed5\u8fc7ACL\u9650\u5236\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.cisco.com/c/en/us/support/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-15478",
  "openTime": "2025-07-11",
  "patchDescription": "Cisco IOS\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u914d\u7f6e\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7ed5\u8fc7ACL\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-15478\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Cisco IOS"
  },
  "referenceLink": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk",
  "serverity": "\u4f4e",
  "submitTime": "2025-05-14",
  "title": "Cisco IOS\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-15478\uff09"
}

CVE-2025-20137

Vulnerability from fstec - Published: 07.05.2025

Title

Уязвимость механизма списка контроля доступа ACL операционной системы Cisco IOS, позволяющая нарушителю обойти существующие ограничения безопасности

Description

Уязвимость механизма списка контроля доступа ACL операционной системы Cisco IOS связана с ошибками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие ограничения безопасности

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS, Catalyst 1000 Switches, Catalyst 2960-L Series Switches

Software Version

15.2(6)E (Cisco IOS), 15.2(6)E0c (Cisco IOS), 15.2(5a)E (Cisco IOS), 15.2(5b)E (Cisco IOS), 15.2(5c)E (Cisco IOS), 15.2(7)E (Cisco IOS), 12.2(6)I1 (Cisco IOS), 15.2(6)E1 (Cisco IOS), 15.2(6)E1a (Cisco IOS), 15.2(6)E1s (Cisco IOS), 15.1(3)SVR1 (Cisco IOS), 15.1(3)SVR2 (Cisco IOS), 15.1(3)SVR3 (Cisco IOS), 15.1(3)SVS (Cisco IOS), 15.1(3)SVS1 (Cisco IOS), 15.1(3)SVT1 (Cisco IOS), 15.1(3)SVT2 (Cisco IOS), 15.1(3)SVU1 (Cisco IOS), 15.2(6)E2 (Cisco IOS), 15.2(6)E2b (Cisco IOS), 15.2(6)E3 (Cisco IOS), 15.2(7)E0a (Cisco IOS), 15.2(7)E0s (Cisco IOS), 15.2(7)E1 (Cisco IOS), 15.2(7)E1a (Cisco IOS), 15.2(7)E2 (Cisco IOS), 15.2(7)E3 (Cisco IOS), 15.2(7)E3k (Cisco IOS), 15.2(7)E5 (Cisco IOS), 15.2(7a)E0b (Cisco IOS), 15.2(7b)E0b (Cisco IOS), 15.2(8)E (Cisco IOS), 15.2(8)E1 (Cisco IOS), 15.2(7)E4 (Cisco IOS), 15.2(7)E6 (Cisco IOS), 15.2(8)E2 (Cisco IOS), 15.2(7)E7 (Cisco IOS), 15.2(8)E3 (Cisco IOS), 15.2(7)E8 (Cisco IOS), 15.2(8)E4 (Cisco IOS), 15.1(3)SVX (Cisco IOS), 15.1(3)SVX1 (Cisco IOS), 15.1(3)SVW (Cisco IOS), 15.1(3)SVW1 (Cisco IOS), 15.1(3)SVV1 (Cisco IOS), 15.1(3)SVV2 (Cisco IOS), 15.1(3)SVV3 (Cisco IOS), 15.1(3)SVV4 (Cisco IOS), 15.1(3)SVU10 (Cisco IOS), 15.1(3)SVU2 (Cisco IOS), 15.1(3)SVU11 (Cisco IOS), 15.1(3)SVU20 (Cisco IOS), 15.1(3)SVU21 (Cisco IOS), 15.1(3)SVT3 (Cisco IOS), 15.1(3)SVT4 (Cisco IOS), 15.1(3)SVR10 (Cisco IOS), 15.2(7)E9 (Cisco IOS), 15.2(8)E5 (Cisco IOS), 15.2(7)E10 (Cisco IOS), 15.2(8)E6 (Cisco IOS), 15.2(7)E11 (Cisco IOS), - (Catalyst 1000 Switches), - (Catalyst 2960-L Series Switches), 15.2(7)E12 (Cisco IOS), 15.2(8)E8 (Cisco IOS)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.2(6)E (Cisco IOS), 15.2(6)E0c (Cisco IOS), 15.2(5a)E (Cisco IOS), 15.2(5b)E (Cisco IOS), 15.2(5c)E (Cisco IOS), 15.2(7)E (Cisco IOS), 12.2(6)I1 (Cisco IOS), 15.2(6)E1 (Cisco IOS), 15.2(6)E1a (Cisco IOS), 15.2(6)E1s (Cisco IOS), 15.1(3)SVR1 (Cisco IOS), 15.1(3)SVR2 (Cisco IOS), 15.1(3)SVR3 (Cisco IOS), 15.1(3)SVS (Cisco IOS), 15.1(3)SVS1 (Cisco IOS), 15.1(3)SVT1 (Cisco IOS), 15.1(3)SVT2 (Cisco IOS), 15.1(3)SVU1 (Cisco IOS), 15.2(6)E2 (Cisco IOS), 15.2(6)E2b (Cisco IOS), 15.2(6)E3 (Cisco IOS), 15.2(7)E0a (Cisco IOS), 15.2(7)E0s (Cisco IOS), 15.2(7)E1 (Cisco IOS), 15.2(7)E1a (Cisco IOS), 15.2(7)E2 (Cisco IOS), 15.2(7)E3 (Cisco IOS), 15.2(7)E3k (Cisco IOS), 15.2(7)E5 (Cisco IOS), 15.2(7a)E0b (Cisco IOS), 15.2(7b)E0b (Cisco IOS), 15.2(8)E (Cisco IOS), 15.2(8)E1 (Cisco IOS), 15.2(7)E4 (Cisco IOS), 15.2(7)E6 (Cisco IOS), 15.2(8)E2 (Cisco IOS), 15.2(7)E7 (Cisco IOS), 15.2(8)E3 (Cisco IOS), 15.2(7)E8 (Cisco IOS), 15.2(8)E4 (Cisco IOS), 15.1(3)SVX (Cisco IOS), 15.1(3)SVX1 (Cisco IOS), 15.1(3)SVW (Cisco IOS), 15.1(3)SVW1 (Cisco IOS), 15.1(3)SVV1 (Cisco IOS), 15.1(3)SVV2 (Cisco IOS), 15.1(3)SVV3 (Cisco IOS), 15.1(3)SVV4 (Cisco IOS), 15.1(3)SVU10 (Cisco IOS), 15.1(3)SVU2 (Cisco IOS), 15.1(3)SVU11 (Cisco IOS), 15.1(3)SVU20 (Cisco IOS), 15.1(3)SVU21 (Cisco IOS), 15.1(3)SVT3 (Cisco IOS), 15.1(3)SVT4 (Cisco IOS), 15.1(3)SVR10 (Cisco IOS), 15.2(7)E9 (Cisco IOS), 15.2(8)E5 (Cisco IOS), 15.2(7)E10 (Cisco IOS), 15.2(8)E6 (Cisco IOS), 15.2(7)E11 (Cisco IOS), - (Catalyst 1000 Switches), - (Catalyst 2960-L Series Switches), 15.2(7)E12 (Cisco IOS), 15.2(8)E8 (Cisco IOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.05.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.08.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10321",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-20137",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS, Catalyst 1000 Switches, Catalyst 2960-L Series Switches",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS 15.2(6)E , Cisco Systems Inc. Cisco IOS 15.2(6)E0c , Cisco Systems Inc. Cisco IOS 15.2(5a)E , Cisco Systems Inc. Cisco IOS 15.2(5b)E , Cisco Systems Inc. Cisco IOS 15.2(5c)E , Cisco Systems Inc. Cisco IOS 15.2(7)E , Cisco Systems Inc. Cisco IOS 12.2(6)I1 , Cisco Systems Inc. Cisco IOS 15.2(6)E1 , Cisco Systems Inc. Cisco IOS 15.2(6)E1a , Cisco Systems Inc. Cisco IOS 15.2(6)E1s , Cisco Systems Inc. Cisco IOS 15.1(3)SVR1 , Cisco Systems Inc. Cisco IOS 15.1(3)SVR2 , Cisco Systems Inc. Cisco IOS 15.1(3)SVR3 , Cisco Systems Inc. Cisco IOS 15.1(3)SVS , Cisco Systems Inc. Cisco IOS 15.1(3)SVS1 , Cisco Systems Inc. Cisco IOS 15.1(3)SVT1 , Cisco Systems Inc. Cisco IOS 15.1(3)SVT2 , Cisco Systems Inc. Cisco IOS 15.1(3)SVU1 , Cisco Systems Inc. Cisco IOS 15.2(6)E2 , Cisco Systems Inc. Cisco IOS 15.2(6)E2b , Cisco Systems Inc. Cisco IOS 15.2(6)E3 , Cisco Systems Inc. Cisco IOS 15.2(7)E0a , Cisco Systems Inc. Cisco IOS 15.2(7)E0s , Cisco Systems Inc. Cisco IOS 15.2(7)E1 , Cisco Systems Inc. Cisco IOS 15.2(7)E1a , Cisco Systems Inc. Cisco IOS 15.2(7)E2 , Cisco Systems Inc. Cisco IOS 15.2(7)E3 , Cisco Systems Inc. Cisco IOS 15.2(7)E3k , Cisco Systems Inc. Cisco IOS 15.2(7)E5 , Cisco Systems Inc. Cisco IOS 15.2(7a)E0b , Cisco Systems Inc. Cisco IOS 15.2(7b)E0b , Cisco Systems Inc. Cisco IOS 15.2(8)E , Cisco Systems Inc. Cisco IOS 15.2(8)E1 , Cisco Systems Inc. Cisco IOS 15.2(7)E4 , Cisco Systems Inc. Cisco IOS 15.2(7)E6 , Cisco Systems Inc. Cisco IOS 15.2(8)E2 , Cisco Systems Inc. Cisco IOS 15.2(7)E7 , Cisco Systems Inc. Cisco IOS 15.2(8)E3 , Cisco Systems Inc. Cisco IOS 15.2(7)E8 , Cisco Systems Inc. Cisco IOS 15.2(8)E4 , Cisco Systems Inc. Cisco IOS 15.1(3)SVX , Cisco Systems Inc. Cisco IOS 15.1(3)SVX1 , Cisco Systems Inc. Cisco IOS 15.1(3)SVW , Cisco Systems Inc. Cisco IOS 15.1(3)SVW1 , Cisco Systems Inc. Cisco IOS 15.1(3)SVV1 , Cisco Systems Inc. Cisco IOS 15.1(3)SVV2 , Cisco Systems Inc. Cisco IOS 15.1(3)SVV3 , Cisco Systems Inc. Cisco IOS 15.1(3)SVV4 , Cisco Systems Inc. Cisco IOS 15.1(3)SVU10 , Cisco Systems Inc. Cisco IOS 15.1(3)SVU2 , Cisco Systems Inc. Cisco IOS 15.1(3)SVU11 , Cisco Systems Inc. Cisco IOS 15.1(3)SVU20 , Cisco Systems Inc. Cisco IOS 15.1(3)SVU21 , Cisco Systems Inc. Cisco IOS 15.1(3)SVT3 , Cisco Systems Inc. Cisco IOS 15.1(3)SVT4 , Cisco Systems Inc. Cisco IOS 15.1(3)SVR10 , Cisco Systems Inc. Cisco IOS 15.2(7)E9 , Cisco Systems Inc. Cisco IOS 15.2(8)E5 , Cisco Systems Inc. Cisco IOS 15.2(7)E10 , Cisco Systems Inc. Cisco IOS 15.2(8)E6 , Cisco Systems Inc. Cisco IOS 15.2(7)E11 , Cisco Systems Inc. Cisco IOS 15.2(7)E12 , Cisco Systems Inc. Cisco IOS 15.2(8)E8 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0441\u043f\u0438\u0441\u043a\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 ACL \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0441\u043f\u0438\u0441\u043a\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 ACL \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,7)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-20137 (GCVE-0-2025-20137)

FKIE_CVE-2025-20137

GHSA-X37R-WQWH-97QM

CNVD-2025-15478

CVE-2025-20137

Tags

Sightings

Nomenclature