exploitDog

BDU:2025-10330

Published: 07 May 2025
Source: fstec
CVSS3: 8.6
CVSS2: 7.8
EPSS: Low

Description

A vulnerability in the Cisco IOS operating systems of Cisco Industrial Ethernet 2000, 4000, 4010 and 5000 switches is caused by a missing authorization procedure. Exploitation of the vulnerability could allow a remote attacker to elevate their privileges.

Vendor

Cisco Systems Inc.

Software name

Cisco IOS

Software version

15.2(5a)E1 (Cisco IOS)
15.0(2)SE8 (Cisco IOS)
15.2(2)E (Cisco IOS)
15.2(2)E1 (Cisco IOS)
15.2(3)E1 (Cisco IOS)
15.2(2)E2 (Cisco IOS)
15.2(2)E3 (Cisco IOS)
15.2(2a)E2 (Cisco IOS)
15.2(3)E2 (Cisco IOS)
15.2(3)E3 (Cisco IOS)
15.2(2)E4 (Cisco IOS)
15.2(2)E5 (Cisco IOS)
15.2(3)E4 (Cisco IOS)
15.2(5)E (Cisco IOS)
15.2(2)E6 (Cisco IOS)
15.2(5)E1 (Cisco IOS)
15.2(2)E5a (Cisco IOS)
15.2(2)E7 (Cisco IOS)
15.2(5)E2 (Cisco IOS)
15.2(6)E (Cisco IOS)
15.2(5)E2c (Cisco IOS)
15.2(6)E0a (Cisco IOS)
15.2(6)E0c (Cisco IOS)
15.2(1)EY (Cisco IOS)
15.0(2)EK (Cisco IOS)
15.0(2)EK1 (Cisco IOS)
15.2(2)EB (Cisco IOS)
15.2(2)EB1 (Cisco IOS)
15.2(2)EB2 (Cisco IOS)
15.2(4)EC1 (Cisco IOS)
15.2(4)EC2 (Cisco IOS)
15.2(2b)E (Cisco IOS)
15.2(7)E (Cisco IOS)
15.2(2)E8 (Cisco IOS)
15.2(6)E1 (Cisco IOS)
15.2(2)E9 (Cisco IOS)
15.2(6)E1a (Cisco IOS)
15.2(6)E1s (Cisco IOS)
15.2(2)E10 (Cisco IOS)
15.2(2)EA2 (Cisco IOS)
15.2(3)EA (Cisco IOS)
15.2(4)EA (Cisco IOS)
15.2(4)EA1 (Cisco IOS)
15.2(2)EA3 (Cisco IOS)
15.2(4)EA4 (Cisco IOS)
15.2(4)EA5 (Cisco IOS)
15.2(4)EA6 (Cisco IOS)
15.2(4)EA7 (Cisco IOS)
15.2(4)EA8 (Cisco IOS)
15.2(4)EA9 (Cisco IOS)
15.2(2)EA (Cisco IOS)
15.2(4)EA9A (Cisco IOS)
15.2(6)E2a (Cisco IOS)
15.2(6)E3 (Cisco IOS)
15.2(6)Eb (Cisco IOS)
15.2(7)E0b (Cisco IOS)
15.2(7)E0s (Cisco IOS)
15.2(7)E1a (Cisco IOS)
15.2(7)E2 (Cisco IOS)
15.2(7)E3 (Cisco IOS)
15.2(7)E5 (Cisco IOS)
15.2(8)E (Cisco IOS)
15.2(8)E1 (Cisco IOS)
15.2(7)E4 (Cisco IOS)
15.2(7)E6 (Cisco IOS)
15.2(8)E2 (Cisco IOS)
15.2(7)E7 (Cisco IOS)
15.2(8)E3 (Cisco IOS)
15.2(7)E8 (Cisco IOS)
15.2(8)E4 (Cisco IOS)
15.2(7)E9 (Cisco IOS)
15.2(8)E5 (Cisco IOS)
15.2(7)E10 (Cisco IOS)
15.2(8)E6 (Cisco IOS)
15.0(2)EA (Cisco IOS)
15.0(2)EA1 (Cisco IOS)
15.2(7)E11 (Cisco IOS)
15.3(3)JPU (Cisco IOS)

Software type

Operating system

Operating systems and hardware platforms

Cisco Systems Inc. Cisco IOS 15.2(5a)E1
Cisco Systems Inc. Cisco IOS 15.0(2)SE8
Cisco Systems Inc. Cisco IOS 15.2(2)E
Cisco Systems Inc. Cisco IOS 15.2(2)E1
Cisco Systems Inc. Cisco IOS 15.2(3)E1
Cisco Systems Inc. Cisco IOS 15.2(2)E2
Cisco Systems Inc. Cisco IOS 15.2(2)E3
Cisco Systems Inc. Cisco IOS 15.2(2a)E2
Cisco Systems Inc. Cisco IOS 15.2(3)E2
Cisco Systems Inc. Cisco IOS 15.2(3)E3
Cisco Systems Inc. Cisco IOS 15.2(2)E4
Cisco Systems Inc. Cisco IOS 15.2(2)E5
Cisco Systems Inc. Cisco IOS 15.2(3)E4
Cisco Systems Inc. Cisco IOS 15.2(5)E
Cisco Systems Inc. Cisco IOS 15.2(2)E6
Cisco Systems Inc. Cisco IOS 15.2(5)E1
Cisco Systems Inc. Cisco IOS 15.2(2)E5a
Cisco Systems Inc. Cisco IOS 15.2(2)E7
Cisco Systems Inc. Cisco IOS 15.2(5)E2
Cisco Systems Inc. Cisco IOS 15.2(6)E
Cisco Systems Inc. Cisco IOS 15.2(5)E2c
Cisco Systems Inc. Cisco IOS 15.2(6)E0a
Cisco Systems Inc. Cisco IOS 15.2(6)E0c
Cisco Systems Inc. Cisco IOS 15.2(1)EY
Cisco Systems Inc. Cisco IOS 15.0(2)EK
Cisco Systems Inc. Cisco IOS 15.0(2)EK1
Cisco Systems Inc. Cisco IOS 15.2(2)EB
Cisco Systems Inc. Cisco IOS 15.2(2)EB1
Cisco Systems Inc. Cisco IOS 15.2(2)EB2
Cisco Systems Inc. Cisco IOS 15.2(4)EC1
Cisco Systems Inc. Cisco IOS 15.2(4)EC2
Cisco Systems Inc. Cisco IOS 15.2(2b)E
Cisco Systems Inc. Cisco IOS 15.2(7)E
Cisco Systems Inc. Cisco IOS 15.2(2)E8
Cisco Systems Inc. Cisco IOS 15.2(6)E1
Cisco Systems Inc. Cisco IOS 15.2(2)E9
Cisco Systems Inc. Cisco IOS 15.2(6)E1a
Cisco Systems Inc. Cisco IOS 15.2(6)E1s
Cisco Systems Inc. Cisco IOS 15.2(2)E10
Cisco Systems Inc. Cisco IOS 15.2(2)EA2
Cisco Systems Inc. Cisco IOS 15.2(3)EA
Cisco Systems Inc. Cisco IOS 15.2(4)EA
Cisco Systems Inc. Cisco IOS 15.2(4)EA1
Cisco Systems Inc. Cisco IOS 15.2(2)EA3
Cisco Systems Inc. Cisco IOS 15.2(4)EA4
Cisco Systems Inc. Cisco IOS 15.2(4)EA5
Cisco Systems Inc. Cisco IOS 15.2(4)EA6
Cisco Systems Inc. Cisco IOS 15.2(4)EA7
Cisco Systems Inc. Cisco IOS 15.2(4)EA8
Cisco Systems Inc. Cisco IOS 15.2(4)EA9
Cisco Systems Inc. Cisco IOS 15.2(2)EA
Cisco Systems Inc. Cisco IOS 15.2(4)EA9A
Cisco Systems Inc. Cisco IOS 15.2(6)E2a
Cisco Systems Inc. Cisco IOS 15.2(6)E3
Cisco Systems Inc. Cisco IOS 15.2(6)Eb
Cisco Systems Inc. Cisco IOS 15.2(7)E0b
Cisco Systems Inc. Cisco IOS 15.2(7)E0s
Cisco Systems Inc. Cisco IOS 15.2(7)E1a
Cisco Systems Inc. Cisco IOS 15.2(7)E2
Cisco Systems Inc. Cisco IOS 15.2(7)E3
Cisco Systems Inc. Cisco IOS 15.2(7)E5
Cisco Systems Inc. Cisco IOS 15.2(8)E
Cisco Systems Inc. Cisco IOS 15.2(8)E1
Cisco Systems Inc. Cisco IOS 15.2(7)E4
Cisco Systems Inc. Cisco IOS 15.2(7)E6
Cisco Systems Inc. Cisco IOS 15.2(8)E2
Cisco Systems Inc. Cisco IOS 15.2(7)E7
Cisco Systems Inc. Cisco IOS 15.2(8)E3
Cisco Systems Inc. Cisco IOS 15.2(7)E8
Cisco Systems Inc. Cisco IOS 15.2(8)E4
Cisco Systems Inc. Cisco IOS 15.2(7)E9
Cisco Systems Inc. Cisco IOS 15.2(8)E5
Cisco Systems Inc. Cisco IOS 15.2(7)E10
Cisco Systems Inc. Cisco IOS 15.2(8)E6
Cisco Systems Inc. Cisco IOS 15.0(2)EA
Cisco Systems Inc. Cisco IOS 15.0(2)EA1
Cisco Systems Inc. Cisco IOS 15.2(7)E11
Cisco Systems Inc. Cisco IOS 15.3(3)JPU

Vulnerability severity

High severity (CVSS 2.0 base score is 7.8)
High severity (CVSS 3.1 base score is 8.6)

Possible remediation measures

Follow the recommendations:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 41%
0.00191
Low

8.6 High

CVSS3

7.8 High

CVSS2

Related vulnerabilities

CVSS3: 8.3
nvd
9 months ago

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

CVSS3: 8.3
github
9 months ago

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.
