Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-11735

Опубликовано: 24 сент. 2025
Источник: fstec
CVSS3: 7.4
CVSS2: 6.1
EPSS Низкий

Описание

Уязвимость операционных систем Cisco IOS XE сетевого устройства Catalyst 9000 связана с ошибками в коде. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Вендор

Cisco Systems Inc.

Наименование ПО

Catalyst 9000 Series Switches

Версия ПО

- (Catalyst 9000 Series Switches)

Тип ПО

ПО сетевого программно-аппаратного средства

Операционные системы и аппаратные платформы

Cisco Systems Inc. Cisco IOS XE 16.6.1
Cisco Systems Inc. Cisco IOS XE 16.6.4
Cisco Systems Inc. Cisco IOS XE 16.6.2
Cisco Systems Inc. Cisco IOS XE 16.6.3
Cisco Systems Inc. Cisco IOS XE 16.7.1
Cisco Systems Inc. Cisco IOS XE 16.8.1
Cisco Systems Inc. Cisco IOS XE 16.8.1s
Cisco Systems Inc. Cisco IOS XE 16.6.4s
Cisco Systems Inc. Cisco IOS XE 16.6.4a
Cisco Systems Inc. Cisco IOS XE 16.8.1a
Cisco Systems Inc. Cisco IOS XE 16.9.1
Cisco Systems Inc. Cisco IOS XE 16.9.2
Cisco Systems Inc. Cisco IOS XE 16.9.1s
Cisco Systems Inc. Cisco IOS XE 16.10.1
Cisco Systems Inc. Cisco IOS XE 16.12.1
Cisco Systems Inc. Cisco IOS XE 16.9.2s
Cisco Systems Inc. Cisco IOS XE 16.6.5
Cisco Systems Inc. Cisco IOS XE 16.6.6
Cisco Systems Inc. Cisco IOS XE 16.9.3
Cisco Systems Inc. Cisco IOS XE 16.9.4
Cisco Systems Inc. Cisco IOS XE 16.9.3s
Cisco Systems Inc. Cisco IOS XE 16.10.1s
Cisco Systems Inc. Cisco IOS XE 16.10.1e
Cisco Systems Inc. Cisco IOS XE 16.11.1
Cisco Systems Inc. Cisco IOS XE 16.11.1b
Cisco Systems Inc. Cisco IOS XE 16.11.1s
Cisco Systems Inc. Cisco IOS XE 16.11.1c
Cisco Systems Inc. Cisco IOS XE 16.12.1c
Cisco Systems Inc. Cisco IOS XE 16.12.1s
Cisco Systems Inc. Cisco IOS XE 16.6.7
Cisco Systems Inc. Cisco IOS XE 16.6.8
Cisco Systems Inc. Cisco IOS XE 16.9.5
Cisco Systems Inc. Cisco IOS XE 17.2.1
Cisco Systems Inc. Cisco IOS XE 17.1.1
Cisco Systems Inc. Cisco IOS XE 16.12.2
Cisco Systems Inc. Cisco IOS XE 16.12.2s
Cisco Systems Inc. Cisco IOS XE 16.12.2t
Cisco Systems Inc. Cisco IOS XE 16.12.4
Cisco Systems Inc. Cisco IOS XE 16.12.3s
Cisco Systems Inc. Cisco IOS XE 16.12.3a
Cisco Systems Inc. Cisco IOS XE 16.12.4a
Cisco Systems Inc. Cisco IOS XE 17.1.1s
Cisco Systems Inc. Cisco IOS XE 17.1.2
Cisco Systems Inc. Cisco IOS XE 17.1.1t
Cisco Systems Inc. Cisco IOS XE 17.1.3
Cisco Systems Inc. Cisco IOS XE 17.2.1a
Cisco Systems Inc. Cisco IOS XE 17.3.1
Cisco Systems Inc. Cisco IOS XE 17.6.1
Cisco Systems Inc. Cisco IOS XE 17.9.1
Cisco Systems Inc. Cisco IOS XE 17.11.1
Cisco Systems Inc. Cisco IOS XE 17.12.1
Cisco Systems Inc. Cisco IOS XE 17.11.99SW
Cisco Systems Inc. Cisco IOS XE 17.10.1
Cisco Systems Inc. Cisco IOS XE 17.10.1b
Cisco Systems Inc. Cisco IOS XE 16.12.3
Cisco Systems Inc. Cisco IOS XE 16.12.8
Cisco Systems Inc. Cisco IOS XE 16.12.5
Cisco Systems Inc. Cisco IOS XE 16.12.6
Cisco Systems Inc. Cisco IOS XE 16.12.6a
Cisco Systems Inc. Cisco IOS XE 16.12.7
Cisco Systems Inc. Cisco IOS XE 17.8.1
Cisco Systems Inc. Cisco IOS XE 17.9.2
Cisco Systems Inc. Cisco IOS XE 17.9.3
Cisco Systems Inc. Cisco IOS XE 17.9.4
Cisco Systems Inc. Cisco IOS XE 17.9.4a
Cisco Systems Inc. Cisco IOS XE 17.7.1
Cisco Systems Inc. Cisco IOS XE 17.6.5a
Cisco Systems Inc. Cisco IOS XE 17.6.6a
Cisco Systems Inc. Cisco IOS XE 17.6.6
Cisco Systems Inc. Cisco IOS XE 17.6.2
Cisco Systems Inc. Cisco IOS XE 17.6.3
Cisco Systems Inc. Cisco IOS XE 17.6.4
Cisco Systems Inc. Cisco IOS XE 17.6.5
Cisco Systems Inc. Cisco IOS XE 17.3.2
Cisco Systems Inc. Cisco IOS XE 17.3.3
Cisco Systems Inc. Cisco IOS XE 17.3.2a
Cisco Systems Inc. Cisco IOS XE 17.3.4
Cisco Systems Inc. Cisco IOS XE 17.3.5
Cisco Systems Inc. Cisco IOS XE 17.3.6
Cisco Systems Inc. Cisco IOS XE 17.3.7
Cisco Systems Inc. Cisco IOS XE 17.3.8
Cisco Systems Inc. Cisco IOS XE 17.3.8a
Cisco Systems Inc. Cisco IOS XE 17.4.1
Cisco Systems Inc. Cisco IOS XE 17.5.1
Cisco Systems Inc. Cisco IOS XE 16.6.9
Cisco Systems Inc. Cisco IOS XE 16.6.10
Cisco Systems Inc. Cisco IOS XE 16.9.6
Cisco Systems Inc. Cisco IOS XE 16.9.7
Cisco Systems Inc. Cisco IOS XE 16.12.5b
Cisco Systems Inc. Cisco IOS XE 17.3.4b
Cisco Systems Inc. Cisco IOS XE 17.4.1c
Cisco Systems Inc. Cisco IOS XE 17.5.1b
Cisco Systems Inc. Cisco IOS XE 17.5.1c
Cisco Systems Inc. Cisco IOS XE 17.12.2
Cisco Systems Inc. Cisco IOS XE 17.6.1y
Cisco Systems Inc. Cisco IOS XE 16.9.8
Cisco Systems Inc. Cisco IOS XE 17.13.1
Cisco Systems Inc. Cisco IOS XE 17.14.1
Cisco Systems Inc. Cisco IOS XE 17.6.7
Cisco Systems Inc. Cisco IOS XE 17.9.5
Cisco Systems Inc. Cisco IOS XE 17.9.6b
Cisco Systems Inc. Cisco IOS XE 17.12.3
Cisco Systems Inc. Cisco IOS XE 17.12.4
Cisco Systems Inc. Cisco IOS XE 17.9.6a
Cisco Systems Inc. Cisco IOS XE 17.15.1
Cisco Systems Inc. Cisco IOS XE 17.12.1z3
Cisco Systems Inc. Cisco IOS XE 17.15.2
Cisco Systems Inc. Cisco IOS XE 17.15.2a
Cisco Systems Inc. Cisco IOS XE 17.15.2b
Cisco Systems Inc. Cisco IOS XE 17.16.1
Cisco Systems Inc. Cisco IOS XE 17.6.8
Cisco Systems Inc. Cisco IOS XE 17.9.6
Cisco Systems Inc. Cisco IOS XE 16.12.14

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,1)
Высокий уровень опасности (базовая оценка CVSS 3.1 составляет 7,4)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-PtmD7bgy

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 17%
0.00055
Низкий

7.4 High

CVSS3

6.1 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2025-20311

CVSS3: 7.4
nvd
5 месяцев назад

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic. This vulnerability is due to improper handling of crafted Ethernet frames. An attacker could exploit this vulnerability by sending crafted Ethernet frames through an affected switch. A successful exploit could allow the attacker to cause the egress port to which the crafted frame is forwarded to start dropping all frames, resulting in a denial of service (DoS) condition.

github логотип

GHSA-pr4q-4px5-72j6

CVSS3: 7.4
github
5 месяцев назад

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic. This vulnerability is due to improper handling of crafted Ethernet frames. An attacker could exploit this vulnerability by sending crafted Ethernet frames through an affected switch. A successful exploit could allow the attacker to cause the egress port to which the crafted frame is forwarded to start dropping all frames, resulting in a denial of service (DoS) condition.

EPSS

Процентиль: 17%
0.00055
Низкий

7.4 High

CVSS3

6.1 Medium

CVSS2