exploitDog

BDU:2025-10321

Published: 07 May 2025
Source: fstec
CVSS3: 4.7
CVSS2: 3.3
EPSS: Low

Description

A vulnerability in the access control list (ACL) mechanism of the Cisco IOS operating system is caused by access control errors. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions.

Vendor

Cisco Systems Inc.

Software name

Cisco IOS
Catalyst 1000 Switches
Catalyst 2960-L Series Switches

Software version

15.2(6)E (Cisco IOS)
15.2(6)E0c (Cisco IOS)
15.2(5a)E (Cisco IOS)
15.2(5b)E (Cisco IOS)
15.2(5c)E (Cisco IOS)
15.2(7)E (Cisco IOS)
12.2(6)I1 (Cisco IOS)
15.2(6)E1 (Cisco IOS)
15.2(6)E1a (Cisco IOS)
15.2(6)E1s (Cisco IOS)
15.1(3)SVR1 (Cisco IOS)
15.1(3)SVR2 (Cisco IOS)
15.1(3)SVR3 (Cisco IOS)
15.1(3)SVS (Cisco IOS)
15.1(3)SVS1 (Cisco IOS)
15.1(3)SVT1 (Cisco IOS)
15.1(3)SVT2 (Cisco IOS)
15.1(3)SVU1 (Cisco IOS)
15.2(6)E2 (Cisco IOS)
15.2(6)E2b (Cisco IOS)
15.2(6)E3 (Cisco IOS)
15.2(7)E0a (Cisco IOS)
15.2(7)E0s (Cisco IOS)
15.2(7)E1 (Cisco IOS)
15.2(7)E1a (Cisco IOS)
15.2(7)E2 (Cisco IOS)
15.2(7)E3 (Cisco IOS)
15.2(7)E3k (Cisco IOS)
15.2(7)E5 (Cisco IOS)
15.2(7a)E0b (Cisco IOS)
15.2(7b)E0b (Cisco IOS)
15.2(8)E (Cisco IOS)
15.2(8)E1 (Cisco IOS)
15.2(7)E4 (Cisco IOS)
15.2(7)E6 (Cisco IOS)
15.2(8)E2 (Cisco IOS)
15.2(7)E7 (Cisco IOS)
15.2(8)E3 (Cisco IOS)
15.2(7)E8 (Cisco IOS)
15.2(8)E4 (Cisco IOS)
15.1(3)SVX (Cisco IOS)
15.1(3)SVX1 (Cisco IOS)
15.1(3)SVW (Cisco IOS)
15.1(3)SVW1 (Cisco IOS)
15.1(3)SVV1 (Cisco IOS)
15.1(3)SVV2 (Cisco IOS)
15.1(3)SVV3 (Cisco IOS)
15.1(3)SVV4 (Cisco IOS)
15.1(3)SVU10 (Cisco IOS)
15.1(3)SVU2 (Cisco IOS)
15.1(3)SVU11 (Cisco IOS)
15.1(3)SVU20 (Cisco IOS)
15.1(3)SVU21 (Cisco IOS)
15.1(3)SVT3 (Cisco IOS)
15.1(3)SVT4 (Cisco IOS)
15.1(3)SVR10 (Cisco IOS)
15.2(7)E9 (Cisco IOS)
15.2(8)E5 (Cisco IOS)
15.2(7)E10 (Cisco IOS)
15.2(8)E6 (Cisco IOS)
15.2(7)E11 (Cisco IOS)
- (Catalyst 1000 Switches)
- (Catalyst 2960-L Series Switches)
15.2(7)E12 (Cisco IOS)
15.2(8)E8 (Cisco IOS)

Software type

Operating system
Software of a network hardware/software appliance

Operating systems and hardware platforms

Cisco Systems Inc. Cisco IOS 15.2(6)E
Cisco Systems Inc. Cisco IOS 15.2(6)E0c
Cisco Systems Inc. Cisco IOS 15.2(5a)E
Cisco Systems Inc. Cisco IOS 15.2(5b)E
Cisco Systems Inc. Cisco IOS 15.2(5c)E
Cisco Systems Inc. Cisco IOS 15.2(7)E
Cisco Systems Inc. Cisco IOS 12.2(6)I1
Cisco Systems Inc. Cisco IOS 15.2(6)E1
Cisco Systems Inc. Cisco IOS 15.2(6)E1a
Cisco Systems Inc. Cisco IOS 15.2(6)E1s
Cisco Systems Inc. Cisco IOS 15.1(3)SVR1
Cisco Systems Inc. Cisco IOS 15.1(3)SVR2
Cisco Systems Inc. Cisco IOS 15.1(3)SVR3
Cisco Systems Inc. Cisco IOS 15.1(3)SVS
Cisco Systems Inc. Cisco IOS 15.1(3)SVS1
Cisco Systems Inc. Cisco IOS 15.1(3)SVT1
Cisco Systems Inc. Cisco IOS 15.1(3)SVT2
Cisco Systems Inc. Cisco IOS 15.1(3)SVU1
Cisco Systems Inc. Cisco IOS 15.2(6)E2
Cisco Systems Inc. Cisco IOS 15.2(6)E2b
Cisco Systems Inc. Cisco IOS 15.2(6)E3
Cisco Systems Inc. Cisco IOS 15.2(7)E0a
Cisco Systems Inc. Cisco IOS 15.2(7)E0s
Cisco Systems Inc. Cisco IOS 15.2(7)E1
Cisco Systems Inc. Cisco IOS 15.2(7)E1a
Cisco Systems Inc. Cisco IOS 15.2(7)E2
Cisco Systems Inc. Cisco IOS 15.2(7)E3
Cisco Systems Inc. Cisco IOS 15.2(7)E3k
Cisco Systems Inc. Cisco IOS 15.2(7)E5
Cisco Systems Inc. Cisco IOS 15.2(7a)E0b
Cisco Systems Inc. Cisco IOS 15.2(7b)E0b
Cisco Systems Inc. Cisco IOS 15.2(8)E
Cisco Systems Inc. Cisco IOS 15.2(8)E1
Cisco Systems Inc. Cisco IOS 15.2(7)E4
Cisco Systems Inc. Cisco IOS 15.2(7)E6
Cisco Systems Inc. Cisco IOS 15.2(8)E2
Cisco Systems Inc. Cisco IOS 15.2(7)E7
Cisco Systems Inc. Cisco IOS 15.2(8)E3
Cisco Systems Inc. Cisco IOS 15.2(7)E8
Cisco Systems Inc. Cisco IOS 15.2(8)E4
Cisco Systems Inc. Cisco IOS 15.1(3)SVX
Cisco Systems Inc. Cisco IOS 15.1(3)SVX1
Cisco Systems Inc. Cisco IOS 15.1(3)SVW
Cisco Systems Inc. Cisco IOS 15.1(3)SVW1
Cisco Systems Inc. Cisco IOS 15.1(3)SVV1
Cisco Systems Inc. Cisco IOS 15.1(3)SVV2
Cisco Systems Inc. Cisco IOS 15.1(3)SVV3
Cisco Systems Inc. Cisco IOS 15.1(3)SVV4
Cisco Systems Inc. Cisco IOS 15.1(3)SVU10
Cisco Systems Inc. Cisco IOS 15.1(3)SVU2
Cisco Systems Inc. Cisco IOS 15.1(3)SVU11
Cisco Systems Inc. Cisco IOS 15.1(3)SVU20
Cisco Systems Inc. Cisco IOS 15.1(3)SVU21
Cisco Systems Inc. Cisco IOS 15.1(3)SVT3
Cisco Systems Inc. Cisco IOS 15.1(3)SVT4
Cisco Systems Inc. Cisco IOS 15.1(3)SVR10
Cisco Systems Inc. Cisco IOS 15.2(7)E9
Cisco Systems Inc. Cisco IOS 15.2(8)E5
Cisco Systems Inc. Cisco IOS 15.2(7)E10
Cisco Systems Inc. Cisco IOS 15.2(8)E6
Cisco Systems Inc. Cisco IOS 15.2(7)E11
Cisco Systems Inc. Cisco IOS 15.2(7)E12
Cisco Systems Inc. Cisco IOS 15.2(8)E8

Vulnerability severity

Low severity (CVSS 2.0 base score is 3.3)
Medium severity (CVSS 3.1 base score is 4.7)

Possible measures to remediate the vulnerability

Follow the recommendations:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being clarified

Remediation information

The vulnerability has been fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 11%
0.00039
Low

CVSS3: 4.7 Medium

CVSS2: 3.3 Low

Related vulnerabilities

CVSS3: 4.7
nvd
9 months ago

A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.

CVSS3: 4.7
github
9 months ago

A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.
