Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-11719

Опубликовано: 24 сент. 2025
Источник: fstec
CVSS3: 7.7
CVSS2: 6.8
EPSS Низкий

Описание

Уязвимость реализации протокола SNMP операционных систем Cisco IOS XE связана с выполнением цикла с недоступным условием выхода. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Вендор

Cisco Systems Inc.

Наименование ПО

Cisco IOS XE

Версия ПО

17.2.1 (Cisco IOS XE)
17.2.1r (Cisco IOS XE)
17.2.1a (Cisco IOS XE)
17.2.1v (Cisco IOS XE)
17.2.2 (Cisco IOS XE)
17.3.1 (Cisco IOS XE)
17.3.1a (Cisco IOS XE)
17.6.1 (Cisco IOS XE)
17.9.1 (Cisco IOS XE)
17.9.1a (Cisco IOS XE)
17.9.1w (Cisco IOS XE)
17.11.1 (Cisco IOS XE)
17.11.1a (Cisco IOS XE)
17.12.1 (Cisco IOS XE)
17.12.1w (Cisco IOS XE)
17.12.1a (Cisco IOS XE)
17.10.1 (Cisco IOS XE)
17.10.1a (Cisco IOS XE)
17.10.1b (Cisco IOS XE)
17.8.1 (Cisco IOS XE)
17.9.2 (Cisco IOS XE)
17.9.3 (Cisco IOS XE)
17.9.4 (Cisco IOS XE)
17.9.4a (Cisco IOS XE)
17.7.1 (Cisco IOS XE)
17.6.5a (Cisco IOS XE)
17.6.6a (Cisco IOS XE)
17.6.6 (Cisco IOS XE)
17.6.2 (Cisco IOS XE)
17.6.3 (Cisco IOS XE)
17.6.4 (Cisco IOS XE)
17.6.5 (Cisco IOS XE)
17.3.2 (Cisco IOS XE)
17.3.3 (Cisco IOS XE)
17.3.2a (Cisco IOS XE)
17.3.4 (Cisco IOS XE)
17.3.5 (Cisco IOS XE)
17.3.6 (Cisco IOS XE)
17.3.4c (Cisco IOS XE)
17.3.5a (Cisco IOS XE)
17.3.5b (Cisco IOS XE)
17.3.7 (Cisco IOS XE)
17.3.8 (Cisco IOS XE)
17.3.8a (Cisco IOS XE)
17.4.1 (Cisco IOS XE)
17.5.1 (Cisco IOS XE)
17.2.3 (Cisco IOS XE)
17.3.3a (Cisco IOS XE)
17.3.4a (Cisco IOS XE)
17.3.4b (Cisco IOS XE)
17.4.1a (Cisco IOS XE)
17.4.1b (Cisco IOS XE)
17.4.1c (Cisco IOS XE)
17.4.2 (Cisco IOS XE)
17.4.2a (Cisco IOS XE)
17.5.1a (Cisco IOS XE)
17.6.1a (Cisco IOS XE)
17.6.3a (Cisco IOS XE)
17.7.1a (Cisco IOS XE)
17.7.1b (Cisco IOS XE)
17.7.2 (Cisco IOS XE)
17.8.1a (Cisco IOS XE)
17.9.2a (Cisco IOS XE)
17.9.3a (Cisco IOS XE)
17.12.2 (Cisco IOS XE)
17.12.2a (Cisco IOS XE)
17.3.1w (Cisco IOS XE)
17.3.1x (Cisco IOS XE)
17.3.1z (Cisco IOS XE)
17.6.1w (Cisco IOS XE)
17.6.1x (Cisco IOS XE)
17.6.1y (Cisco IOS XE)
17.6.1z (Cisco IOS XE)
17.6.1z1 (Cisco IOS XE)
17.9.1x (Cisco IOS XE)
17.9.1y (Cisco IOS XE)
17.9.1x1 (Cisco IOS XE)
17.9.1y1 (Cisco IOS XE)
17.9.5a (Cisco IOS XE)
17.9.5b (Cisco IOS XE)
17.9.5c (Cisco IOS XE)
17.9.5d (Cisco IOS XE)
17.12.1x (Cisco IOS XE)
17.12.1y (Cisco IOS XE)
17.12.3a (Cisco IOS XE)
17.13.1 (Cisco IOS XE)
17.13.1a (Cisco IOS XE)
17.14.1 (Cisco IOS XE)
17.14.1a (Cisco IOS XE)
17.12.1z2 (Cisco IOS XE)
17.6.7 (Cisco IOS XE)
17.9.5 (Cisco IOS XE)
17.9.6b (Cisco IOS XE)
17.12.3 (Cisco IOS XE)
17.9.5e (Cisco IOS XE)
17.9.5f (Cisco IOS XE)
17.12.4 (Cisco IOS XE)
17.12.4a (Cisco IOS XE)
17.12.4b (Cisco IOS XE)
17.9.6a (Cisco IOS XE)
17.12.1z (Cisco IOS XE)
17.12.1z1 (Cisco IOS XE)
17.6.8a (Cisco IOS XE)
17.15.1 (Cisco IOS XE)
17.15.1w (Cisco IOS XE)
17.15.1a (Cisco IOS XE)
17.15.1b (Cisco IOS XE)
17.12.1z3 (Cisco IOS XE)
17.15.1x (Cisco IOS XE)
17.12.5a (Cisco IOS XE)
17.12.1z4 (Cisco IOS XE)
17.15.2 (Cisco IOS XE)
17.15.3 (Cisco IOS XE)
17.15.2c (Cisco IOS XE)
17.15.2a (Cisco IOS XE)
17.15.1y (Cisco IOS XE)
17.15.2b (Cisco IOS XE)
17.16.1 (Cisco IOS XE)
17.16.1a (Cisco IOS XE)
17.17.1 (Cisco IOS XE)
17.6.8 (Cisco IOS XE)
17.9.6 (Cisco IOS XE)
17.9.7 (Cisco IOS XE)
17.9.7a (Cisco IOS XE)
17.12.5 (Cisco IOS XE)
17.12.5b (Cisco IOS XE)
17.9.7b (Cisco IOS XE)
17.12.5c (Cisco IOS XE)
17.15.1z (Cisco IOS XE)
17.15.3a (Cisco IOS XE)
17.15.3b (Cisco IOS XE)

Тип ПО

Операционная система

Операционные системы и аппаратные платформы

Cisco Systems Inc. Cisco IOS XE 17.2.1
Cisco Systems Inc. Cisco IOS XE 17.2.1r
Cisco Systems Inc. Cisco IOS XE 17.2.1a
Cisco Systems Inc. Cisco IOS XE 17.2.1v
Cisco Systems Inc. Cisco IOS XE 17.2.2
Cisco Systems Inc. Cisco IOS XE 17.3.1
Cisco Systems Inc. Cisco IOS XE 17.3.1a
Cisco Systems Inc. Cisco IOS XE 17.6.1
Cisco Systems Inc. Cisco IOS XE 17.9.1
Cisco Systems Inc. Cisco IOS XE 17.9.1a
Cisco Systems Inc. Cisco IOS XE 17.9.1w
Cisco Systems Inc. Cisco IOS XE 17.11.1
Cisco Systems Inc. Cisco IOS XE 17.11.1a
Cisco Systems Inc. Cisco IOS XE 17.12.1
Cisco Systems Inc. Cisco IOS XE 17.12.1w
Cisco Systems Inc. Cisco IOS XE 17.12.1a
Cisco Systems Inc. Cisco IOS XE 17.10.1
Cisco Systems Inc. Cisco IOS XE 17.10.1a
Cisco Systems Inc. Cisco IOS XE 17.10.1b
Cisco Systems Inc. Cisco IOS XE 17.8.1
Cisco Systems Inc. Cisco IOS XE 17.9.2
Cisco Systems Inc. Cisco IOS XE 17.9.3
Cisco Systems Inc. Cisco IOS XE 17.9.4
Cisco Systems Inc. Cisco IOS XE 17.9.4a
Cisco Systems Inc. Cisco IOS XE 17.7.1
Cisco Systems Inc. Cisco IOS XE 17.6.5a
Cisco Systems Inc. Cisco IOS XE 17.6.6a
Cisco Systems Inc. Cisco IOS XE 17.6.6
Cisco Systems Inc. Cisco IOS XE 17.6.2
Cisco Systems Inc. Cisco IOS XE 17.6.3
Cisco Systems Inc. Cisco IOS XE 17.6.4
Cisco Systems Inc. Cisco IOS XE 17.6.5
Cisco Systems Inc. Cisco IOS XE 17.3.2
Cisco Systems Inc. Cisco IOS XE 17.3.3
Cisco Systems Inc. Cisco IOS XE 17.3.2a
Cisco Systems Inc. Cisco IOS XE 17.3.4
Cisco Systems Inc. Cisco IOS XE 17.3.5
Cisco Systems Inc. Cisco IOS XE 17.3.6
Cisco Systems Inc. Cisco IOS XE 17.3.4c
Cisco Systems Inc. Cisco IOS XE 17.3.5a
Cisco Systems Inc. Cisco IOS XE 17.3.5b
Cisco Systems Inc. Cisco IOS XE 17.3.7
Cisco Systems Inc. Cisco IOS XE 17.3.8
Cisco Systems Inc. Cisco IOS XE 17.3.8a
Cisco Systems Inc. Cisco IOS XE 17.4.1
Cisco Systems Inc. Cisco IOS XE 17.5.1
Cisco Systems Inc. Cisco IOS XE 17.2.3
Cisco Systems Inc. Cisco IOS XE 17.3.3a
Cisco Systems Inc. Cisco IOS XE 17.3.4a
Cisco Systems Inc. Cisco IOS XE 17.3.4b
Cisco Systems Inc. Cisco IOS XE 17.4.1a
Cisco Systems Inc. Cisco IOS XE 17.4.1b
Cisco Systems Inc. Cisco IOS XE 17.4.1c
Cisco Systems Inc. Cisco IOS XE 17.4.2
Cisco Systems Inc. Cisco IOS XE 17.4.2a
Cisco Systems Inc. Cisco IOS XE 17.5.1a
Cisco Systems Inc. Cisco IOS XE 17.6.1a
Cisco Systems Inc. Cisco IOS XE 17.6.3a
Cisco Systems Inc. Cisco IOS XE 17.7.1a
Cisco Systems Inc. Cisco IOS XE 17.7.1b
Cisco Systems Inc. Cisco IOS XE 17.7.2
Cisco Systems Inc. Cisco IOS XE 17.8.1a
Cisco Systems Inc. Cisco IOS XE 17.9.2a
Cisco Systems Inc. Cisco IOS XE 17.9.3a
Cisco Systems Inc. Cisco IOS XE 17.12.2
Cisco Systems Inc. Cisco IOS XE 17.12.2a
Cisco Systems Inc. Cisco IOS XE 17.3.1w
Cisco Systems Inc. Cisco IOS XE 17.3.1x
Cisco Systems Inc. Cisco IOS XE 17.3.1z
Cisco Systems Inc. Cisco IOS XE 17.6.1w
Cisco Systems Inc. Cisco IOS XE 17.6.1x
Cisco Systems Inc. Cisco IOS XE 17.6.1y
Cisco Systems Inc. Cisco IOS XE 17.6.1z
Cisco Systems Inc. Cisco IOS XE 17.6.1z1
Cisco Systems Inc. Cisco IOS XE 17.9.1x
Cisco Systems Inc. Cisco IOS XE 17.9.1y
Cisco Systems Inc. Cisco IOS XE 17.9.1x1
Cisco Systems Inc. Cisco IOS XE 17.9.1y1
Cisco Systems Inc. Cisco IOS XE 17.9.5a
Cisco Systems Inc. Cisco IOS XE 17.9.5b
Cisco Systems Inc. Cisco IOS XE 17.9.5c
Cisco Systems Inc. Cisco IOS XE 17.9.5d
Cisco Systems Inc. Cisco IOS XE 17.12.1x
Cisco Systems Inc. Cisco IOS XE 17.12.1y
Cisco Systems Inc. Cisco IOS XE 17.12.3a
Cisco Systems Inc. Cisco IOS XE 17.13.1
Cisco Systems Inc. Cisco IOS XE 17.13.1a
Cisco Systems Inc. Cisco IOS XE 17.14.1
Cisco Systems Inc. Cisco IOS XE 17.14.1a
Cisco Systems Inc. Cisco IOS XE 17.12.1z2
Cisco Systems Inc. Cisco IOS XE 17.6.7
Cisco Systems Inc. Cisco IOS XE 17.9.5
Cisco Systems Inc. Cisco IOS XE 17.9.6b
Cisco Systems Inc. Cisco IOS XE 17.12.3
Cisco Systems Inc. Cisco IOS XE 17.9.5e
Cisco Systems Inc. Cisco IOS XE 17.9.5f
Cisco Systems Inc. Cisco IOS XE 17.12.4
Cisco Systems Inc. Cisco IOS XE 17.12.4a
Cisco Systems Inc. Cisco IOS XE 17.12.4b
Cisco Systems Inc. Cisco IOS XE 17.9.6a
Cisco Systems Inc. Cisco IOS XE 17.12.1z
Cisco Systems Inc. Cisco IOS XE 17.12.1z1
Cisco Systems Inc. Cisco IOS XE 17.6.8a
Cisco Systems Inc. Cisco IOS XE 17.15.1
Cisco Systems Inc. Cisco IOS XE 17.15.1w
Cisco Systems Inc. Cisco IOS XE 17.15.1a
Cisco Systems Inc. Cisco IOS XE 17.15.1b
Cisco Systems Inc. Cisco IOS XE 17.12.1z3
Cisco Systems Inc. Cisco IOS XE 17.15.1x
Cisco Systems Inc. Cisco IOS XE 17.12.5a
Cisco Systems Inc. Cisco IOS XE 17.12.1z4
Cisco Systems Inc. Cisco IOS XE 17.15.2
Cisco Systems Inc. Cisco IOS XE 17.15.3
Cisco Systems Inc. Cisco IOS XE 17.15.2c
Cisco Systems Inc. Cisco IOS XE 17.15.2a
Cisco Systems Inc. Cisco IOS XE 17.15.1y
Cisco Systems Inc. Cisco IOS XE 17.15.2b
Cisco Systems Inc. Cisco IOS XE 17.16.1
Cisco Systems Inc. Cisco IOS XE 17.16.1a
Cisco Systems Inc. Cisco IOS XE 17.17.1
Cisco Systems Inc. Cisco IOS XE 17.6.8
Cisco Systems Inc. Cisco IOS XE 17.9.6
Cisco Systems Inc. Cisco IOS XE 17.9.7
Cisco Systems Inc. Cisco IOS XE 17.9.7a
Cisco Systems Inc. Cisco IOS XE 17.12.5
Cisco Systems Inc. Cisco IOS XE 17.12.5b
Cisco Systems Inc. Cisco IOS XE 17.9.7b
Cisco Systems Inc. Cisco IOS XE 17.12.5c
Cisco Systems Inc. Cisco IOS XE 17.15.1z
Cisco Systems Inc. Cisco IOS XE 17.15.3a
Cisco Systems Inc. Cisco IOS XE 17.15.3b

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)
Высокий уровень опасности (базовая оценка CVSS 3.1 составляет 7,7)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 55%
0.00319
Низкий

7.7 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2025-20312

CVSS3: 7.7
nvd
5 месяцев назад

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

github логотип

GHSA-6cwx-5rq4-6px8

CVSS3: 7.7
github
5 месяцев назад

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

EPSS

Процентиль: 55%
0.00319
Низкий

7.7 High

CVSS3

6.8 Medium

CVSS2