CVE-2025-20363

Published: 25 Sep 2025
Source: nvd
CVSS3: 9
EPSS: Low

Description

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device.

This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device.

For more information about this vulnerability, see the Details ["#details"] sec

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Version from 9.12 (inclusive) to 9.12.4.72 (exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Version from 9.14 (inclusive) to 9.14.4.28 (exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Version from 9.16 (inclusive) to 9.16.4.84 (exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Version from 9.17.0 (inclusive) to 9.18.4.57 (exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Version from 9.19 (inclusive) to 9.19.1.42 (exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Version from 9.20 (inclusive) to 9.20.3.16 (exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Version from 9.22 (inclusive) to 9.22.2 (exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Version from 9.23 (inclusive) to 9.23.1.3 (exclusive)

Configuration 2

One of

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Version from 7.0.0 (inclusive) to 7.0.8 (exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Version from 7.1.0 (inclusive) to 7.2.10 (exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Version from 7.3.0 (inclusive) to 7.4.2.3 (exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Version from 7.7.0 (inclusive) to 7.7.10 (exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:7.6.0:*:*:*:*:*:*:*

EPSS

Percentile: 76%
0.00983
Low

9 Critical

CVSS3

Weaknesses

CWE-122

Related vulnerabilities

CVSS3: 9
github
5 months ago

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details ["#details"] se...

CVSS3: 9
fstec
5 months ago

A vulnerability in the web server of the firmware of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls and of the Cisco IOS, Cisco IOS XR and Cisco IOS XE operating systems that allows an attacker to cause a denial of service
