Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-10325

Опубликовано: 07 мая 2025
Источник: fstec
CVSS3: 7.7
CVSS2: 6.8
EPSS Низкий

Описание

Уязвимость протокола Internet Key Exchange версии 1 (IKEv1) операционных систем Cisco IOS XE связана с неправильной обработкой неопределенных значений. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Вендор

Cisco Systems Inc.

Наименование ПО

Cisco IOS XE

Версия ПО

3.13.1s (Cisco IOS XE)
3.13.2s (Cisco IOS XE)
3.13.4s (Cisco IOS XE)
3.13.5s (Cisco IOS XE)
3.14.0s (Cisco IOS XE)
3.14.1s (Cisco IOS XE)
3.14.2s (Cisco IOS XE)
3.14.3s (Cisco IOS XE)
3.14.4s (Cisco IOS XE)
3.15.0s (Cisco IOS XE)
3.15.1s (Cisco IOS XE)
3.15.2s (Cisco IOS XE)
3.15.3s (Cisco IOS XE)
3.16.0s (Cisco IOS XE)
3.16.1as (Cisco IOS XE)
3.16.2s (Cisco IOS XE)
3.17.0s (Cisco IOS XE)
3.17.1s (Cisco IOS XE)
16.5.1 (Cisco IOS XE)
16.3.1a (Cisco IOS XE)
16.2.1 (Cisco IOS XE)
16.2.2 (Cisco IOS XE)
16.3.1 (Cisco IOS XE)
16.3.2 (Cisco IOS XE)
16.3.3 (Cisco IOS XE)
16.3.4 (Cisco IOS XE)
16.3.5 (Cisco IOS XE)
16.4.1 (Cisco IOS XE)
16.6.1 (Cisco IOS XE)
16.6.4 (Cisco IOS XE)
16.4.3 (Cisco IOS XE)
16.7.2 (Cisco IOS XE)
3.13.0S (Cisco IOS XE)
3.13.3S (Cisco IOS XE)
3.13.6S (Cisco IOS XE)
3.13.7S (Cisco IOS XE)
3.13.6aS (Cisco IOS XE)
3.13.8S (Cisco IOS XE)
3.13.9S (Cisco IOS XE)
3.15.1cS (Cisco IOS XE)
3.15.4S (Cisco IOS XE)
3.16.0cS (Cisco IOS XE)
3.16.3S (Cisco IOS XE)
3.16.4aS (Cisco IOS XE)
3.16.4bS (Cisco IOS XE)
3.16.4gS (Cisco IOS XE)
3.16.5S (Cisco IOS XE)
3.16.4cS (Cisco IOS XE)
3.16.4dS (Cisco IOS XE)
3.16.4eS (Cisco IOS XE)
3.16.6S (Cisco IOS XE)
3.16.5aS (Cisco IOS XE)
3.16.5bS (Cisco IOS XE)
3.16.7S (Cisco IOS XE)
3.16.6bS (Cisco IOS XE)
3.16.7aS (Cisco IOS XE)
3.16.7bS (Cisco IOS XE)
3.17.2S (Cisco IOS XE)
3.17.3S (Cisco IOS XE)
3.17.4S (Cisco IOS XE)
16.3.6 (Cisco IOS XE)
16.4.2 (Cisco IOS XE)
16.5.1b (Cisco IOS XE)
16.5.2 (Cisco IOS XE)
16.5.3 (Cisco IOS XE)
16.6.2 (Cisco IOS XE)
16.6.3 (Cisco IOS XE)
16.7.1 (Cisco IOS XE)
16.8.1 (Cisco IOS XE)
16.8.1s (Cisco IOS XE)
3.13.10S (Cisco IOS XE)
3.16.8S (Cisco IOS XE)
16.3.7 (Cisco IOS XE)
3.18.2aSP (Cisco IOS XE)
16.6.4s (Cisco IOS XE)
16.8.2 (Cisco IOS XE)
16.9.1 (Cisco IOS XE)
16.9.2 (Cisco IOS XE)
16.9.1s (Cisco IOS XE)
16.7.3 (Cisco IOS XE)
16.10.1 (Cisco IOS XE)
3.16.10S (Cisco IOS XE)
16.12.1 (Cisco IOS XE)
16.8.3 (Cisco IOS XE)
16.9.2s (Cisco IOS XE)
3.16.9S (Cisco IOS XE)
16.3.8 (Cisco IOS XE)
16.6.5 (Cisco IOS XE)
16.10.2 (Cisco IOS XE)
16.3.9 (Cisco IOS XE)
16.6.6 (Cisco IOS XE)
16.9.3 (Cisco IOS XE)
16.9.4 (Cisco IOS XE)
16.9.3s (Cisco IOS XE)
16.10.1a (Cisco IOS XE)
16.10.1b (Cisco IOS XE)
16.10.1s (Cisco IOS XE)
16.10.1e (Cisco IOS XE)
16.10.3 (Cisco IOS XE)
16.11.1 (Cisco IOS XE)
16.11.1a (Cisco IOS XE)
16.11.1s (Cisco IOS XE)
16.11.1c (Cisco IOS XE)
16.12.1a (Cisco IOS XE)
16.12.1c (Cisco IOS XE)
16.12.1s (Cisco IOS XE)
16.11.2 (Cisco IOS XE)
16.3.10 (Cisco IOS XE)
16.6.7 (Cisco IOS XE)
16.6.8 (Cisco IOS XE)
16.9.5 (Cisco IOS XE)
17.2.1 (Cisco IOS XE)
17.1.1 (Cisco IOS XE)
16.12.2 (Cisco IOS XE)
16.12.2s (Cisco IOS XE)
16.12.2t (Cisco IOS XE)
16.12.4 (Cisco IOS XE)
16.12.3s (Cisco IOS XE)
17.1.1s (Cisco IOS XE)
17.1.2 (Cisco IOS XE)
17.1.1t (Cisco IOS XE)
17.1.3 (Cisco IOS XE)
17.2.1r (Cisco IOS XE)
17.2.1v (Cisco IOS XE)
17.2.2 (Cisco IOS XE)
17.3.1 (Cisco IOS XE)
17.3.1a (Cisco IOS XE)
17.6.1 (Cisco IOS XE)
17.9.1 (Cisco IOS XE)
17.9.1a (Cisco IOS XE)
17.11.1 (Cisco IOS XE)
17.11.1a (Cisco IOS XE)
17.12.1 (Cisco IOS XE)
17.12.1a (Cisco IOS XE)
17.10.1 (Cisco IOS XE)
17.10.1a (Cisco IOS XE)
16.12.3 (Cisco IOS XE)
16.12.8 (Cisco IOS XE)
16.12.5 (Cisco IOS XE)
16.12.6 (Cisco IOS XE)
16.12.7 (Cisco IOS XE)
17.8.1 (Cisco IOS XE)
17.9.2 (Cisco IOS XE)
17.9.3 (Cisco IOS XE)
17.9.4 (Cisco IOS XE)
17.9.4a (Cisco IOS XE)
17.7.1 (Cisco IOS XE)
17.6.5a (Cisco IOS XE)
17.6.6a (Cisco IOS XE)
17.6.6 (Cisco IOS XE)
17.6.2 (Cisco IOS XE)
17.6.3 (Cisco IOS XE)
17.6.4 (Cisco IOS XE)
17.6.5 (Cisco IOS XE)
17.3.2 (Cisco IOS XE)
17.3.3 (Cisco IOS XE)
17.3.4 (Cisco IOS XE)
17.3.5 (Cisco IOS XE)
17.3.6 (Cisco IOS XE)
17.3.7 (Cisco IOS XE)
17.3.8 (Cisco IOS XE)
17.3.8a (Cisco IOS XE)
17.4.1 (Cisco IOS XE)
17.5.1 (Cisco IOS XE)
16.3.11 (Cisco IOS XE)
16.6.9 (Cisco IOS XE)
16.6.10 (Cisco IOS XE)
16.9.6 (Cisco IOS XE)
16.9.7 (Cisco IOS XE)
17.2.3 (Cisco IOS XE)
17.3.4a (Cisco IOS XE)
17.4.1a (Cisco IOS XE)
17.4.1b (Cisco IOS XE)
17.4.1c (Cisco IOS XE)
17.4.2 (Cisco IOS XE)
17.5.1a (Cisco IOS XE)
17.5.1b (Cisco IOS XE)
17.5.1c (Cisco IOS XE)
17.6.1a (Cisco IOS XE)
17.6.3a (Cisco IOS XE)
17.7.1a (Cisco IOS XE)
17.7.2 (Cisco IOS XE)
17.8.1a (Cisco IOS XE)
17.9.2a (Cisco IOS XE)
17.9.3a (Cisco IOS XE)
17.12.2 (Cisco IOS XE)
17.12.2a (Cisco IOS XE)
17.6.1y (Cisco IOS XE)
16.9.8 (Cisco IOS XE)
16.9.8a (Cisco IOS XE)
17.9.5a (Cisco IOS XE)
17.9.5b (Cisco IOS XE)
17.9.5c (Cisco IOS XE)
17.9.5d (Cisco IOS XE)
17.12.3a (Cisco IOS XE)
17.13.1 (Cisco IOS XE)
17.13.1a (Cisco IOS XE)
17.14.1 (Cisco IOS XE)
17.14.1a (Cisco IOS XE)
17.6.7 (Cisco IOS XE)
17.9.5 (Cisco IOS XE)
17.12.3 (Cisco IOS XE)
17.9.5e (Cisco IOS XE)
17.9.5f (Cisco IOS XE)
17.6.8a (Cisco IOS XE)
17.6.8 (Cisco IOS XE)

Тип ПО

Операционная система

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)
Высокий уровень опасности (базовая оценка CVSS 3.1 составляет 7,7)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 42%
0.00205
Низкий

7.7 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2025-20192

CVSS3: 7.7
nvd
9 месяцев назад

A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. This vulnerability is due to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is handed off to the hardware cryptographic accelerator of an affected device. An attacker could exploit this vulnerability by sending crafted IKEv1 messages to the affected device. A successful exploit could allow the attacker to cause the device to reload.

github логотип

GHSA-ffcc-cqg6-6f7v

CVSS3: 7.7
github
9 месяцев назад

A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. This vulnerability is due to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is handed off to the hardware cryptographic accelerator of an affected device. An attacker could exploit this vulnerability by sending crafted IKEv1 messages to the affected device. A successful exploit could allow the attacker to cause the device to reload.

EPSS

Процентиль: 42%
0.00205
Низкий

7.7 High

CVSS3

6.8 Medium

CVSS2