CVE-2025-20178

Опубликовано: 16 апр. 2025

Источник: nvd

CVSS3: 6

CVSS3: 7.2

EPSS Низкий

Описание

This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-prvesc-4BQmK33Z
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:-:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-02-22:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-03-08:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-04-15:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-05-15:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-06-10:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-07-09:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-08-13:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-09-12:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-10-15:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2024-12-02:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.0:rollup_2025-01-24:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.1:-:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.1:rollup_2024-08-14:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.1:rollup_2024-09-18:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.1:rollup_2024-10-15:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.1:rollup_2024-11-12:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.1:rollup_2025-01-07:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_network_analytics:7.5.2:-:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00037

Низкий

6 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-347

Связанные уязвимости

GHSA-vr9w-fp6c-vj58

CVSS3: 6

github

10 месяцев назад

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.

BDU:2025-05024

CVSS3: 6

fstec

10 месяцев назад

Уязвимость веб-интерфейса управления системы анализа сетевого трафика, сетевого обнаружения и реагирования Cisco Secure Network Analytics (ранее Cisco Stealthwatch Enterprise), позволяющая нарушителю повысить свои привилегии до уровня root

EPSS

Процентиль: 11%

0.00037

Низкий

6 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-347