RSS Advisory Board

Jump to navigation

Sorry

This feed does not validate.

• line 61, column 34: pubDate must be an RFC-822 date-time: 2025-06-18 16:00:00.0 (50 occurrences) [help]

  		  <pubDate>2025-06-18 16:00:00.0</pubDate>                   
                                    ^

In addition, interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

• line 28, column 145: Self reference doesn't match document location [help]

  ...  rel="self" type="application/rss+xml" ></atom:link>
                                               ^

• line 324, column 9: description should not contain relative URL references: #details (4 occurrences) [help]

           </description>
           ^

Source: https://sec.cloudapps.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml

1. <?xml version="1.0" encoding="utf-8" ?>
2. <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
3.  <channel>
4.  <!-- I2R 9899 -->
5.  
6.    
7.    <title>Cisco Security Advisory</title>
8.    
9.  
10.  
11.  
12.    
13.    
14.    
15.    <link>http://sec.cloudapps.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml</link>
16.    
17.    <description>
18.    
19.    </description>
20.    <language>en-us</language>
21.    <copyright>
22.         1992-2010 Cisco Systems, Inc. All rights reserved.
23.    </copyright>
24.    <category>Cisco Security Advisory</category>
25.    <generator>
26.     Cisco Systems, Inc.
27.    </generator>
28.    <atom:link href="http://sec.cloudapps.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml" rel="self" type="application/rss+xml" ></atom:link>
29.    <ttl>15</ttl>
30.  
31.    
32.    
33.  <item>
34.  <!-- I2R 9899 -->
35.          <title>ClamAV UDF File Parsing Out-of-Bounds Read Information Disclosure Vulnerability</title>
36.          
37.          
38.            
39.            
41.            
43.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=ClamAV%20UDF%20File%20Parsing%20Out-of-Bounds%20Read%20Information%20Disclosure%20Vulnerability%26vs_k=1</link>
44.          
45.          <description>
47. <p>A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.</p>
48. <p>This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.</p>
49. <p>For a description of this vulnerability, see the <a href="https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html">ClamAV blog</a>.</p>
50.  
51. <p>Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
52. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy</a></p>
53.      
54.           <br/>Security Impact Rating:  Medium
55.    
56.    
57.        <br/>CVE: CVE-2025-20234
58.    
59.         </description>
60.          
61.  <pubDate>2025-06-18 16:00:00.0</pubDate>                  
62.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy</guid>
63.      </item>
64.    
66.    
67.  <item>
68.  <!-- I2R 9899 -->
69.          <title>Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability</title>
70.          
71.          
72.            
73.            
75.            
77.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-sM5GCfm7?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Meraki%20MX%20and%20Z%20Series%20AnyConnect%20VPN%20with%20Client%20Certificate%20Authentication%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
78.          
79.          <description>
81. <p>A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device.</p>
82. <p>This vulnerability is due to variable initialization errors when an SSL VPN session is established. An attacker could exploit this vulnerability by sending a sequence of crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of all established SSL VPN sessions and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established, effectively making the Cisco AnyConnect VPN service unavailable for all legitimate users.</p>
83.  
84. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
85. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-sM5GCfm7">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-sM5GCfm7</a></p>
86.      
87.           <br/>Security Impact Rating:  High
88.    
89.    
90.        <br/>CVE: CVE-2025-20271
91.    
92.         </description>
93.          
94.  <pubDate>2025-06-18 16:00:00.0</pubDate>                  
95.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-sM5GCfm7</guid>
96.      </item>
97.    
99.    
100.  <item>
101.  <!-- I2R 9899 -->
102.          <title>Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025</title>
103.          
104.          
105.            
106.            
108.            
110.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Multiple%20Cisco%20Products%20Unauthenticated%20Remote%20Code%20Execution%20in%20Erlang/OTP%20SSH%20Server:%20April%202025%26vs_k=1</link>
111.          
112.          <description>
114. <p>On April 16, 2025, a critical vulnerability in the Erlang/OTP SSH server was disclosed. This vulnerability could allow an unauthenticated, remote attacker to perform remote code execution (RCE) on an affected device.</p>
115. <p>The vulnerability is due to a flaw in the handling of SSH messages during the authentication phase.</p>
116. <p>For a description of this vulnerability, see the <a href="https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2" target="_blank" rel="noopener">Erlang announcement</a>.</p>
117. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy</a></p>
118.  
119.      
120.           <br/>Security Impact Rating:  Critical
121.    
122.    
123.        <br/>CVE: CVE-2025-32433
124.    
125.         </description>
126.          
127.  <pubDate>2025-06-11 14:40:37.0</pubDate>                  
128.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy</guid>
129.      </item>
130.    
132.    
133.  <item>
134.  <!-- I2R 9899 -->
135.          <title>Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability</title>
136.          
137.          
138.            
139.            
141.            
143.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Wireless%20Controller%20Software%20Arbitrary%20File%20Upload%20Vulnerability%26vs_k=1</link>
144.          
145.          <description>
147. <p>A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features<strong> </strong>of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.</p>
148. <p>This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system.  An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with <em>root</em> privileges. </p>
149.  
150. <p>Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
151. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC" rel="nofollow">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC</a></p>
152. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279" rel="nofollow">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
153.      
154.           <br/>Security Impact Rating:  Critical
155.    
156.    
157.        <br/>CVE: CVE-2025-20188
158.    
159.         </description>
160.          
161.  <pubDate>2025-06-06 20:02:48.0</pubDate>                  
162.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC</guid>
163.      </item>
164.    
166.    
167.  <item>
168.  <!-- I2R 9899 -->
169.          <title>Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability</title>
170.          
171.          
172.            
173.            
175.            
177.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20on%20Cloud%20Platforms%20Static%20Credential%20Vulnerability%26vs_k=1</link>
178.          
179.          <description>
181. <p>A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.</p>
182. <p>This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.</p>
183. <p><strong>Note: </strong>If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.</p>
184.  
185. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
186. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7</a></p>
187.      
188.           <br/>Security Impact Rating:  Critical
189.    
190.    
191.        <br/>CVE: CVE-2025-20286
192.    
193.         </description>
194.          
195.  <pubDate>2025-06-05 17:26:25.0</pubDate>                  
196.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7</guid>
197.      </item>
198.    
200.    
201.  <item>
202.  <!-- I2R 9899 -->
203.          <title>Cisco Customer Collaboration Platform Information Disclosure Vulnerability</title>
204.          
205.          
206.            
207.            
209.            
211.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Customer%20Collaboration%20Platform%20Information%20Disclosure%20Vulnerability%26vs_k=1</link>
212.          
213.          <description>
215. <p>A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.</p>
216. <p>This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.</p>
217.  
218. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
219. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd</a></p>
220.  
221.      
222.           <br/>Security Impact Rating:  Medium
223.    
224.    
225.        <br/>CVE: CVE-2025-20129
226.    
227.         </description>
228.          
229.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
230.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd</guid>
231.      </item>
232.    
234.    
235.  <item>
236.  <!-- I2R 9899 -->
237.          <title>Cisco Unified Communications Products Command Injection Vulnerability</title>
238.          
239.          
240.            
241.            
243.            
245.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Products%20Command%20Injection%20Vulnerability%26vs_k=1</link>
246.          
247.          <description>
249. <p>A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the <em>root</em> user.</p>
250. <p>This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the <em>root</em> user. To exploit this vulnerability, the attacker must have valid administrative credentials.</p>
251.  
252. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
253. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy</a></p>
254.      
255.           <br/>Security Impact Rating:  Medium
256.    
257.    
258.        <br/>CVE: CVE-2025-20278
259.    
260.         </description>
261.          
262.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
263.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy</guid>
264.      </item>
265.    
267.    
268.  <item>
269.  <!-- I2R 9899 -->
270.          <title>Cisco Integrated Management Controller Privilege Escalation Vulnerability</title>
271.          
272.          
273.            
274.            
276.            
278.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Integrated%20Management%20Controller%20Privilege%20Escalation%20Vulnerability%26vs_k=1</link>
279.          
280.          <description>
282. <p>A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.</p>
283. <p>This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.</p>
284.  
285. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability, but a mitigation is available.</p>
286. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM</a></p>
287.      
288.           <br/>Security Impact Rating:  High
289.    
290.    
291.        <br/>CVE: CVE-2025-20261
292.    
293.         </description>
294.          
295.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
296.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM</guid>
297.      </item>
298.    
300.    
301.  <item>
302.  <!-- I2R 9899 -->
303.          <title>Cisco Unified Contact Center Express Vulnerabilities</title>
304.          
305.          
306.            
307.            
309.            
311.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Contact%20Center%20Express%20Vulnerabilities%26vs_k=1</link>
312.          
313.          <description>
314. <p>Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack or execute arbitrary code on an affected device. To exploit these vulnerabilities, the attacker must have valid administrative credentials.</p>
315. <p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p>
316. <p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
317. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL</a></p>
318.      
319.           <br/>Security Impact Rating:  Medium
320.    
321.    
322.        <br/>CVE: CVE-2025-20276,CVE-2025-20277,CVE-2025-20279
323.    
324.         </description>
325.          
326.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
327.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL</guid>
328.      </item>
329.    
331.    
332.  <item>
333.  <!-- I2R 9899 -->
334.          <title>Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability</title>
335.          
336.          
337.            
338.            
340.            
342.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Contact%20Center%20Express%20Editor%20Remote%20Code%20Execution%20Vulnerability%26vs_k=1</link>
343.          
344.          <description>
346. <p>A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. </p>
347. <p>This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted <em>.aef</em> file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.</p>
348.  
349. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
350. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8</a></p>
351.      
352.           <br/>Security Impact Rating:  Medium
353.    
354.    
355.        <br/>CVE: CVE-2025-20275
356.    
357.         </description>
358.          
359.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
360.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8</guid>
361.      </item>
362.    
364.    
365.  <item>
366.  <!-- I2R 9899 -->
367.          <title>Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Delete Vulnerabilities</title>
368.          
369.          
370.            
371.            
373.            
375.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-endagent-filewrt-zNcDqNRJ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20ThousandEyes%20Endpoint%20Agent%20for%20Windows%20Arbitrary%20File%20Delete%20Vulnerabilities%26vs_k=1</link>
376.          
377.          <description>
379. <p>Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device.</p>
380. <p>These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.</p>
381.  
382. <p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
383. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-endagent-filewrt-zNcDqNRJ">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-endagent-filewrt-zNcDqNRJ</a></p>
384.      
385.           <br/>Security Impact Rating:  Medium
386.    
387.    
388.        <br/>CVE: CVE-2025-20259
389.    
390.         </description>
391.          
392.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
393.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-endagent-filewrt-zNcDqNRJ</guid>
394.      </item>
395.    
397.    
398.  <item>
399.  <!-- I2R 9899 -->
400.          <title>Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability</title>
401.          
402.          
403.            
404.            
406.            
408.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Nexus%20Dashboard%20Fabric%20Controller%20SSH%20Host%20Key%20Validation%20Vulnerability%26vs_k=1</link>
409.          
410.          <description>
412. <p>A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices.</p>
413. <p>This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.</p>
414.  
415. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
416. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp</a></p>
417.      
418.           <br/>Security Impact Rating:  High
419.    
420.    
421.        <br/>CVE: CVE-2025-20163
422.    
423.         </description>
424.          
425.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
426.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp</guid>
427.      </item>
428.    
430.    
431.  <item>
432.  <!-- I2R 9899 -->
433.          <title>Cisco Identity Services Engine Arbitrary File Upload Vulnerability</title>
434.          
435.          
436.            
437.            
439.            
441.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Arbitrary%20File%20Upload%20Vulnerability%26vs_k=1</link>
442.          
443.          <description>
445. <p>A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device.</p>
446. <p>This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system.</p>
447.  
448. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
449. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY</a></p>
450.      
451.           <br/>Security Impact Rating:  Medium
452.    
453.    
454.        <br/>CVE: CVE-2025-20130
455.    
456.         </description>
457.          
458.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
459.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY</guid>
460.      </item>
461.    
463.    
464.  <item>
465.  <!-- I2R 9899 -->
466.          <title>Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability</title>
467.          
468.          
469.            
470.            
472.            
474.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-icm-xss-cfcqhXAg?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Intelligent%20Contact%20Management%20Enterprise%20Cross-Site%20Scripting%20Vulnerability%26vs_k=1</link>
475.          
476.          <description>
478. <p>A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.</p>
479. <p>This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</p>
480.  
481. <p>Cisco plans to release software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
482. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-icm-xss-cfcqhXAg">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-icm-xss-cfcqhXAg</a></p>
483.      
484.           <br/>Security Impact Rating:  Medium
485.    
486.    
487.        <br/>CVE: CVE-2025-20273
488.    
489.         </description>
490.          
491.  <pubDate>2025-06-04 16:00:00.0</pubDate>                  
492.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-icm-xss-cfcqhXAg</guid>
493.      </item>
494.    
496.    
497.  <item>
498.  <!-- I2R 9899 -->
499.          <title>Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities</title>
500.          
501.          
502.            
503.            
505.            
507.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Meraki%20MX%20and%20Z%20Series%20Teleworker%20Gateway%20AnyConnect%20VPN%20Denial%20of%20Service%20Vulnerabilities%26vs_k=1</link>
508.          
509.          <description>
510. <p>Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition to the AnyConnect VPN service on an affected device.</p>
511. <p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p>
512. <p>Cisco Meraki has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
513. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2</a></p>
514.      
515.           <br/>Security Impact Rating:  High
516.    
517.    
518.        <br/>CVE: CVE-2024-20498,CVE-2024-20499,CVE-2024-20500,CVE-2024-20501,CVE-2024-20502,CVE-2024-20513
519.    
520.         </description>
521.          
522.  <pubDate>2025-06-02 14:22:28.0</pubDate>                  
523.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2</guid>
524.      </item>
525.    
527.    
528.  <item>
529.  <!-- I2R 9899 -->
530.          <title>Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability</title>
531.          
532.          
533.            
534.            
536.            
538.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Meraki%20MX%20and%20Z%20Series%20Teleworker%20Gateway%20AnyConnect%20VPN%20Session%20Takeover%20and%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
539.          
540.          <description>
542. <p>A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.</p>
543. <p>This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device.</p>
544.  
545. <p>Cisco Meraki has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
546. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X</a></p>
547.      
548.           <br/>Security Impact Rating:  Medium
549.    
550.    
551.        <br/>CVE: CVE-2024-20509
552.    
553.         </description>
554.          
555.  <pubDate>2025-06-02 14:22:27.0</pubDate>                  
556.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X</guid>
557.      </item>
558.    
560.    
561.  <item>
562.  <!-- I2R 9899 -->
563.          <title>Cisco Unified Contact Center Enterprise Cloud Connect Insufficient Access Control Vulnerability</title>
564.          
565.          
566.            
567.            
569.            
571.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Contact%20Center%20Enterprise%20Cloud%20Connect%20Insufficient%20Access%20Control%20Vulnerability%26vs_k=1</link>
572.          
573.          <description>
575. <p>A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device.</p>
576. <p>This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device.</p>
577.  
578. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
579. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8</a></p>
580.      
581.           <br/>Security Impact Rating:  Medium
582.    
583.    
584.        <br/>CVE: CVE-2025-20242
585.    
586.         </description>
587.          
588.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
589.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8</guid>
590.      </item>
591.    
593.    
594.  <item>
595.  <!-- I2R 9899 -->
596.          <title>Cisco Webex Services Cross-Site Scripting Vulnerabilities</title>
597.          
598.          
599.            
600.            
602.            
604.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-7teQtFn8?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Webex%20Services%20Cross-Site%20Scripting%20Vulnerabilities%26vs_k=1</link>
605.          
606.          <description>
607. <p>Multiple vulnerabilities in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.</p>
608. <p>These vulnerabilities are due to improper filtering of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.</p>
609. <p>Cisco has addressed these vulnerabilities in the service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address the vulnerabilities.</p>
610. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-7teQtFn8">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-7teQtFn8</a></p>
611.      
612.           <br/>Security Impact Rating:  Medium
613.    
614.    
615.        <br/>CVE: CVE-2025-20246,CVE-2025-20247,CVE-2025-20250
616.    
617.         </description>
618.          
619.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
620.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-7teQtFn8</guid>
621.      </item>
622.    
624.    
625.  <item>
626.  <!-- I2R 9899 -->
627.          <title>Cisco Webex Meetings Services HTTP Cache Poisoning Vulnerability</title>
628.          
629.          
630.            
631.            
633.            
635.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cache-Q4xbkQBG?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Webex%20Meetings%20Services%20HTTP%20Cache%20Poisoning%20Vulnerability%26vs_k=1</link>
636.          
637.          <description>
639. <p>A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service.</p>
640. <p>This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients.</p>
641.  
642. <p>Cisco has addressed this vulnerability in the service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability.</p>
643. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cache-Q4xbkQBG">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cache-Q4xbkQBG</a></p>
644.      
645.           <br/>Security Impact Rating:  Medium
646.    
647.    
648.        <br/>CVE: CVE-2025-20255
649.    
650.         </description>
651.          
652.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
653.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cache-Q4xbkQBG</guid>
654.      </item>
655.    
657.    
658.  <item>
659.  <!-- I2R 9899 -->
660.          <title>Cisco Secure Network Analytics Manager Privilege Escalation Vulnerability</title>
661.          
662.          
663.            
664.            
666.            
668.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-ssti-dPuLqSmZ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Secure%20Network%20Analytics%20Manager%20Privilege%20Escalation%20Vulnerability%26vs_k=1</link>
669.          
670.          <description>
672. <p>A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as <em>root</em> on the underlying operating system.</p>
673. <p>This vulnerability is due to insufficient input validation in specific fields of the web-based management interface. An attacker with valid administrative credentials could exploit this vulnerability by sending crafted input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with <em>root</em> privileges. </p>
674.  
675. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
676. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-ssti-dPuLqSmZ">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-ssti-dPuLqSmZ</a></p>
677.      
678.           <br/>Security Impact Rating:  Medium
679.    
680.    
681.        <br/>CVE: CVE-2025-20256
682.    
683.         </description>
684.          
685.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
686.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-ssti-dPuLqSmZ</guid>
687.      </item>
688.    
690.    
691.  <item>
692.  <!-- I2R 9899 -->
693.          <title>Cisco Secure Network Analytics Manager API Authorization Vulnerability</title>
694.          
695.          
696.            
697.            
699.            
701.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-apiacv-4B6X5ysw?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Secure%20Network%20Analytics%20Manager%20API%20Authorization%20Vulnerability%26vs_k=1</link>
702.          
703.          <description>
705. <p>A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product.</p>
706. <p>Thi vulnerability is due to insufficient authorization enforcement on a specific API. An attacker could exploit this vulnerability by authenticating as a low-privileged user and performing API calls with crafted input. A successful exploit could allow the attacker to obfuscate legitimate findings in analytics reports or create false indications with alarms and alerts on an affected device.</p>
707.  
708. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
709. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-apiacv-4B6X5ysw">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-apiacv-4B6X5ysw</a></p>
710.      
711.           <br/>Security Impact Rating:  Medium
712.    
713.    
714.        <br/>CVE: CVE-2025-20257
715.    
716.         </description>
717.          
718.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
719.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-apiacv-4B6X5ysw</guid>
720.      </item>
721.    
723.    
724.  <item>
725.  <!-- I2R 9899 -->
726.          <title>Cisco Identity Services Stored Cross-Site Scripting Vulnerability</title>
727.          
728.          
729.            
730.            
732.            
734.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-Yff54m73?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Stored%20Cross-Site%20Scripting%20Vulnerability%26vs_k=1</link>
735.          
736.          <description>
738. <p>A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.</p>
739. <p>This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.</p>
740.  
741. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
742. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-Yff54m73">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-Yff54m73</a></p>
743.      
744.           <br/>Security Impact Rating:  Medium
745.    
746.    
747.        <br/>CVE: CVE-2025-20267
748.    
749.         </description>
750.          
751.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
752.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-Yff54m73</guid>
753.      </item>
754.    
756.    
757.  <item>
758.  <!-- I2R 9899 -->
759.          <title>Cisco Identity Services Engine RADIUS Denial of Service Vulnerability</title>
760.          
761.          
762.            
763.            
765.            
767.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20RADIUS%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
768.          
769.          <description>
771. <p>A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.</p>
772. <p>This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload.</p>
773.  
774. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
775. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q</a></p>
776.      
777.           <br/>Security Impact Rating:  High
778.    
779.    
780.        <br/>CVE: CVE-2025-20152
781.    
782.         </description>
783.          
784.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
785.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q</guid>
786.      </item>
787.    
789.    
790.  <item>
791.  <!-- I2R 9899 -->
792.          <title>Cisco Duo Self-Service Portal Command Injection Vulnerability</title>
793.          
794.          
795.            
796.            
798.            
800.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-ssp-cmd-inj-RCmYrNA?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Duo%20Self-Service%20Portal%20Command%20Injection%20Vulnerability%26vs_k=1</link>
801.          
802.          <description>
804. <p>A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service.</p>
805. <p>This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users.</p>
806.  
807. <p>Cisco Duo has addressed this vulnerability in the service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability.</p>
808. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-ssp-cmd-inj-RCmYrNA">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-ssp-cmd-inj-RCmYrNA</a></p>
809.      
810.           <br/>Security Impact Rating:  Medium
811.    
812.    
813.        <br/>CVE: CVE-2025-20258
814.    
815.         </description>
816.          
817.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
818.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-ssp-cmd-inj-RCmYrNA</guid>
819.      </item>
820.    
822.    
823.  <item>
824.  <!-- I2R 9899 -->
825.          <title>Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities</title>
826.          
827.          
828.            
829.            
831.            
833.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Intelligence%20Center%20Privilege%20Escalation%20Vulnerabilities%26vs_k=1</link>
834.          
835.          <description>
836. <p>Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform privilege escalation attacks on an affected system.</p>
837. <p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p>
838. <p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
839. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4</a></p>
840.      
841.           <br/>Security Impact Rating:  High
842.    
843.    
844.        <br/>CVE: CVE-2025-20113,CVE-2025-20114
845.    
846.         </description>
847.          
848.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
849.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4</guid>
850.      </item>
851.    
853.    
854.  <item>
855.  <!-- I2R 9899 -->
856.          <title>Cisco Unified Communications Products Privilege Escalation Vulnerability</title>
857.          
858.          
859.            
860.            
862.            
864.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unified%20Communications%20Products%20Privilege%20Escalation%20Vulnerability%26vs_k=1</link>
865.          
866.          <description>
868. <p>A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to <em>root </em>on an affected device.</p>
869. <p>This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain <em>root</em> privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.</p>
870.  
871. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
872. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5</a></p>
873.      
874.           <br/>Security Impact Rating:  Medium
875.    
876.    
877.        <br/>CVE: CVE-2025-20112
878.    
879.         </description>
880.          
881.  <pubDate>2025-05-21 16:00:00.0</pubDate>                  
882.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5</guid>
883.      </item>
884.    
886.    
887.  <item>
888.  <!-- I2R 9899 -->
889.          <title>Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability</title>
890.          
891.          
892.            
893.            
895.            
897.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Arbitrary%20File%20Creation%20Vulnerability%26vs_k=1</link>
898.          
899.          <description>
901. <p>A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system.</p>
902. <p>This vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected system. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the affected system.</p>
903.  
904. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
905. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ</a></p>
906.      
907.           <br/>Security Impact Rating:  Medium
908.    
909.    
910.        <br/>CVE: CVE-2025-20187
911.    
912.         </description>
913.          
914.  <pubDate>2025-05-14 20:04:53.0</pubDate>                  
915.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ</guid>
916.      </item>
917.    
919.    
920.  <item>
921.  <!-- I2R 9899 -->
922.          <title>Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability</title>
923.          
924.          
925.            
926.            
928.            
930.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Arbitrary%20File%20Overwrite%20Vulnerability%26vs_k=1</link>
931.          
932.          <description>
934. <p>A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid <em>read-only</em> credentials with CLI access on the affected system.</p>
935. <p>This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by running a series of crafted commands on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device and gain privileges of the <em>root </em>user. To exploit this vulnerability, an attacker would need to have CLI access as a low-privilege user.</p>
936.  
937. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
938. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH</a></p>
939.      
940.           <br/>Security Impact Rating:  Medium
941.    
942.    
943.        <br/>CVE: CVE-2025-20213
944.    
945.         </description>
946.          
947.  <pubDate>2025-05-08 15:55:57.0</pubDate>                  
948.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH</guid>
949.      </item>
950.    
952.    
953.  <item>
954.  <!-- I2R 9899 -->
955.          <title>Cisco IOS XE Software Privilege Escalation Vulnerabilities</title>
956.          
957.          
958.            
959.            
961.            
963.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20Privilege%20Escalation%20Vulnerabilities%26vs_k=1</link>
964.          
965.          <description>
966. <p>Multiple vulnerabilities in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to <em>root</em> on the underlying operating system of an affected device.</p>
967. <p>These vulnerabilities are due to insufficient input validation when processing specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to <em>root</em> on the underlying operating system of an affected device. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could gain access to the underlying operating system of the affected device and perform potentially undetected actions.</p>
968. <p><strong>Note</strong>: The attacker must have privileges to enter configuration mode on the affected device. This is usually referred to as privilege level 15.</p>
969. <p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
970. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp</a></p>
971.  
972. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
973.  
974.  
975.      
976.           <br/>Security Impact Rating:  High
977.    
978.    
979.        <br/>CVE: CVE-2025-20197,CVE-2025-20198,CVE-2025-20199,CVE-2025-20200,CVE-2025-20201
980.    
981.         </description>
982.          
983.  <pubDate>2025-05-07 23:00:00.0</pubDate>                  
984.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp</guid>
985.      </item>
986.    
988.    
989.  <item>
990.  <!-- I2R 9899 -->
991.          <title>Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability</title>
992.          
993.          
994.            
995.            
997.            
999.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20for%20Cisco%20ASR%20903%20Aggregation%20Services%20Routers%20ARP%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
1000.          
1001.          <description>
1003. <p>A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition.</p>
1004. <p>This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads.</p>
1005.  
1006. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1007. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ</a></p>
1008.  
1009. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1010.  
1011.      
1012.           <br/>Security Impact Rating:  High
1013.    
1014.    
1015.        <br/>CVE: CVE-2025-20189
1016.    
1017.         </description>
1018.          
1019.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1020.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ</guid>
1021.      </item>
1022.    
1024.    
1025.  <item>
1026.  <!-- I2R 9899 -->
1027.          <title>Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability</title>
1028.          
1029.          
1030.            
1031.            
1033.            
1035.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Reflected%20HTML%20Injection%20Vulnerability%26vs_k=1</link>
1036.          
1037.          <description>
1039. <p>A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user.</p>
1040. <p>This vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cisco Catalyst SD-WAN Manager user.</p>
1041.  
1042. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1043. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj</a></p>
1044.      
1045.           <br/>Security Impact Rating:  Medium
1046.    
1047.    
1048.        <br/>CVE: CVE-2025-20216
1049.    
1050.         </description>
1051.          
1052.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1053.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj</guid>
1054.      </item>
1055.    
1057.    
1058.  <item>
1059.  <!-- I2R 9899 -->
1060.          <title>Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability</title>
1061.          
1062.          
1063.            
1064.            
1066.            
1068.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS,%20IOS%20XE,%20and%20IOS%20XR%20Software%20TWAMP%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
1069.          
1070.          <description>
1072. <p>A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the <strong>ipsla_ippm_server</strong> process to reload unexpectedly if debugs are enabled.</p>
1073. <p>This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.</p>
1074. <p><strong>Note:</strong> For Cisco IOS XR Software, only the <strong>ipsla_ippm_server</strong> process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:<br><br>    Security Impact Rating (SIR): Low<br>    CVSS Base Score: 3.7<br>    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</p>
1075.  
1076. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1077. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn</a></p>
1078.  
1079. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1080.  
1081.      
1082.           <br/>Security Impact Rating:  High
1083.    
1084.    
1085.        <br/>CVE: CVE-2025-20154
1086.    
1087.         </description>
1088.          
1089.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1090.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn</guid>
1091.      </item>
1092.    
1094.    
1095.  <item>
1096.  <!-- I2R 9899 -->
1097.          <title>Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability</title>
1098.          
1099.          
1100.            
1101.            
1103.            
1105.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpv3-qKEYvzsy?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20SNMPv3%20Configuration%20Restriction%20Vulnerability%26vs_k=1</link>
1106.          
1107.          <description>
1109. <p>A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from an unauthorized source or the SNMPv3 username is removed from the configuration.</p>
1110. <p>This vulnerability exists because of the way that the SNMPv3 configuration is stored in the Cisco IOS Software and Cisco IOS XE Software startup configuration. An attacker could exploit this vulnerability by polling an affected device from a source address that should have been denied. A successful exploit could allow the attacker to perform SNMP operations from a source that should be denied.</p>
1111. <p><strong>Note:</strong> The attacker has no control of the SNMPv3 configuration. To exploit this vulnerability, the attacker must have valid SNMPv3 user credentials.</p>
1112. <p>For more information, see the <a href="#details">Details</a> section of this advisory.</p>
1113.  
1114. <p>Cisco has not released software updates that address this vulnerability. However, there is a new method for configuring SNMPv3 so that it will not be affected by this vulnerability. There are workarounds that address this vulnerability.</p>
1115. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpv3-qKEYvzsy">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpv3-qKEYvzsy</a></p>
1116.  
1117. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1118.  
1119.      
1120.           <br/>Security Impact Rating:  Medium
1121.    
1122.    
1123.        <br/>CVE: CVE-2025-20151
1124.    
1125.         </description>
1126.          
1127.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1128.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpv3-qKEYvzsy</guid>
1129.      </item>
1130.    
1132.    
1133.  <item>
1134.  <!-- I2R 9899 -->
1135.          <title>Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability</title>
1136.          
1137.          
1138.            
1139.            
1141.            
1143.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20SD-WAN%20Software%20Packet%20Filtering%20Bypass%20Vulnerability%26vs_k=1</link>
1144.          
1145.          <description>
1147. <p>A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. </p>
1148. <p>This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.</p>
1149.  
1150. <p>Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
1151. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn" rel="nofollow">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn</a></p>
1152.  
1153. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1154.  
1155.      
1156.           <br/>Security Impact Rating:  Medium
1157.    
1158.    
1159.        <br/>CVE: CVE-2025-20221
1160.    
1161.         </description>
1162.          
1163.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1164.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn</guid>
1165.      </item>
1166.    
1168.    
1169.  <item>
1170.  <!-- I2R 9899 -->
1171.          <title>Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability</title>
1172.          
1173.          
1174.            
1175.            
1177.            
1179.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Multiple%20Cisco%20Products%20Switch%20Integrated%20Security%20Features%20DHCPv6%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
1180.          
1181.          <description>
1183. <p>A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.</p>
1184. <p>This vulnerability is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.</p>
1185.  
1186. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1187. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY</a></p>
1188. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1189.      
1190.           <br/>Security Impact Rating:  High
1191.    
1192.    
1193.        <br/>CVE: CVE-2025-20191
1194.    
1195.         </description>
1196.          
1197.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1198.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY</guid>
1199.      </item>
1200.    
1202.    
1203.  <item>
1204.  <!-- I2R 9899 -->
1205.          <title>Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability</title>
1206.          
1207.          
1208.            
1209.            
1211.            
1213.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Privilege%20Escalation%20Vulnerability%26vs_k=1</link>
1214.          
1215.          <description>
1217. <p>A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the <em>root </em>user on the underlying operating system.</p>
1218. <p>This vulnerability is due to insufficient input validation. An authenticated attacker with <em>read-only</em> privileges on the SD-WAN Manager system could exploit this vulnerability by sending a crafted request to the CLI of the SD-WAN Manager. A successful exploit could allow the attacker to gain <em>root </em>privileges on the underlying operating system.</p>
1219.  
1220. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1221. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt</a></p>
1222.      
1223.           <br/>Security Impact Rating:  High
1224.    
1225.    
1226.        <br/>CVE: CVE-2025-20122
1227.    
1228.         </description>
1229.          
1230.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1231.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt</guid>
1232.      </item>
1233.    
1235.    
1236.  <item>
1237.  <!-- I2R 9899 -->
1238.          <title>Cisco IOS XE Software Model-Driven Programmability Authorization Bypass Vulnerability</title>
1239.          
1240.          
1241.            
1242.            
1244.            
1246.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-netconf-nacm-bypass-TGZV9pmQ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20Model-Driven%20Programmability%20Authorization%20Bypass%20Vulnerability%26vs_k=1</link>
1247.          
1248.          <description>
1250. <p>A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized <em>read</em> access to configuration or operational data.</p>
1251. <p>This vulnerability exists because a subtle change in inner API call behavior causes results to be filtered incorrectly. An attacker could exploit this vulnerability by using either NETCONF, RESTCONF, or gRPC Network Management Interface (gNMI) protocols and query data on paths that may have been denied by the NACM configuration. A successful exploit could allow the attacker to access data that should have been restricted according to the NACM configuration.</p>
1252. <p><strong>Note:</strong> This vulnerability requires that the attacker obtain the credentials from a valid user with privileges lower than 15, and that NACM was configured to provide restricted <em>read</em> access for that user.</p>
1253.  
1254. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-netconf-nacm-bypass-TGZV9pmQ">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-netconf-nacm-bypass-TGZV9pmQ</a></p>
1255.  
1256. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1257.  
1258.      
1259.           <br/>Security Impact Rating:  Medium
1260.    
1261.    
1262.        <br/>CVE: CVE-2025-20214
1263.    
1264.         </description>
1265.          
1266.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1267.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-netconf-nacm-bypass-TGZV9pmQ</guid>
1268.      </item>
1269.    
1271.    
1272.  <item>
1273.  <!-- I2R 9899 -->
1274.          <title>Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability</title>
1275.          
1276.          
1277.            
1278.            
1280.            
1282.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Adaptive%20Security%20Appliance%20Software,%20Firepower%20Threat%20Defense%20Software,%20IOS%20Software,%20and%20IOS%20XE%20Software%20IKEv2%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
1283.          
1284.          <description>
1286. <p>A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.</p>
1287. <p>This vulnerability is due to insufficient input validation when processing IKEv2 messages. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition on the affected device.</p>
1288.  
1289. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1290. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2</a></p>
1291.  
1292. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1293.  
1294.      
1295.           <br/>Security Impact Rating:  High
1296.    
1297.    
1298.        <br/>CVE: CVE-2025-20182
1299.    
1300.         </description>
1301.          
1302.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1303.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2</guid>
1304.      </item>
1305.    
1307.    
1308.  <item>
1309.  <!-- I2R 9899 -->
1310.          <title>Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability</title>
1311.          
1312.          
1313.            
1314.            
1316.            
1318.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20Software%20on%20Cisco%20Catalyst%201000%20and%202960L%20Switches%20Access%20Control%20List%20Bypass%20Vulnerability%26vs_k=1</link>
1319.          
1320.          <description>
1322. <p>A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.</p>
1323. <p>This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.</p>
1324. <p><strong>Note:</strong> Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.</p>
1325.  
1326. <p>Cisco has not released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
1327. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk</a></p>
1328.      
1329.           <br/>Security Impact Rating:  Medium
1330.    
1331.    
1332.        <br/>CVE: CVE-2025-20137
1333.    
1334.         </description>
1335.          
1336.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1337.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk</guid>
1338.      </item>
1339.    
1341.    
1342.  <item>
1343.  <!-- I2R 9899 -->
1344.          <title>Cisco IOx Application Hosting Environment Denial of Service Vulnerability</title>
1345.          
1346.          
1347.            
1348.            
1350.            
1352.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-95Fqnf7b?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOx%20Application%20Hosting%20Environment%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
1353.          
1354.          <description>
1356. <p>A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition.</p>
1357. <p>This vulnerability is due to the improper handling of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the Cisco IOx application hosting environment to stop responding. The IOx process will need to be manually restarted to recover services.</p>
1358.  
1359. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1360. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-95Fqnf7b">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-95Fqnf7b</a></p>
1361.  
1362. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1363.  
1364.      
1365.           <br/>Security Impact Rating:  Medium
1366.    
1367.    
1368.        <br/>CVE: CVE-2025-20196
1369.    
1370.         </description>
1371.          
1372.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1373.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-95Fqnf7b</guid>
1374.      </item>
1375.    
1377.    
1378.  <item>
1379.  <!-- I2R 9899 -->
1380.          <title>Cisco IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability</title>
1381.          
1382.          
1383.            
1384.            
1386.            
1388.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Version%201%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
1389.          
1390.          <description>
1392. <p>A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability.</p>
1393. <p>This vulnerability is due to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is handed off to the hardware cryptographic accelerator of an affected device. An attacker could exploit this vulnerability by sending crafted IKEv1 messages to the affected device. A successful exploit could allow the attacker to cause the device to reload.</p>
1394.  
1395. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1396. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC</a></p>
1397.  
1398. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1399.  
1400.      
1401.           <br/>Security Impact Rating:  High
1402.    
1403.    
1404.        <br/>CVE: CVE-2025-20192
1405.    
1406.         </description>
1407.          
1408.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1409.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC</guid>
1410.      </item>
1411.    
1413.    
1414.  <item>
1415.  <!-- I2R 9899 -->
1416.          <title>Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability</title>
1417.          
1418.          
1419.            
1420.            
1422.            
1424.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20DHCP%20Snooping%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
1425.          
1426.          <description>
1428. <p>A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service (DoS) condition.</p>
1429. <p>This vulnerability is due to improper handling of DHCP request packets. An attacker could exploit this vulnerability by sending DHCP request packets to an affected device. A successful exploit could allow the attacker to cause packets to wedge in the queue, creating a DoS condition for downstream devices of the affected system and requiring that the system restart to drain the queue.</p>
1430. <p><strong>Note:</strong> This vulnerability can be exploited with either unicast or broadcast DHCP packets on a VLAN that does not have DHCP snooping enabled.</p>
1431.  
1432. <p>Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
1433. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks</a></p>
1434.  
1435. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1436.  
1437.      
1438.           <br/>Security Impact Rating:  High
1439.    
1440.    
1441.        <br/>CVE: CVE-2025-20162
1442.    
1443.         </description>
1444.          
1445.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1446.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks</guid>
1447.      </item>
1448.    
1450.    
1451.  <item>
1452.  <!-- I2R 9899 -->
1453.          <title>Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability</title>
1454.          
1455.          
1456.            
1457.            
1459.            
1461.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20Software%20Industrial%20Ethernet%20Switch%20Device%20Manager%20Privilege%20Escalation%20Vulnerability%26vs_k=1</link>
1462.          
1463.          <description>
1465. <p>A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges.</p>
1466. <p>This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15.</p>
1467. <p>To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. <em>Read-only</em> DM users are assigned privilege level 5.</p>
1468.  
1469. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1470. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3</a></p>
1471. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1472.      
1473.           <br/>Security Impact Rating:  High
1474.    
1475.    
1476.        <br/>CVE: CVE-2025-20164
1477.    
1478.         </description>
1479.          
1480.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1481.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3</guid>
1482.      </item>
1483.    
1485.    
1486.  <item>
1487.  <!-- I2R 9899 -->
1488.          <title>Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability</title>
1489.          
1490.          
1491.            
1492.            
1494.            
1496.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Wireless%20Controller%20Software%20Unauthorized%20User%20Deletion%20Vulnerability%26vs_k=1</link>
1497.          
1498.          <description>
1500. <p>A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device.</p>
1501. <p>This vulnerability is due to insufficient access control of actions executed by lobby ambassador users. An attacker could exploit this vulnerability by logging in to an affected device with a <em>lobby ambassador</em> user account and sending crafted HTTP requests to the API. A successful exploit could allow the attacker to delete arbitrary user accounts on the device, including users with administrative privileges.</p>
1502. <p><strong>Note:</strong> This vulnerability is exploitable only if the attacker obtains the credentials for a <em>lobby ambassador </em>account. This account is not configured by default.</p>
1503.  
1504. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1505. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj</a></p>
1506.  
1507. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1508.  
1509.  
1510.      
1511.           <br/>Security Impact Rating:  Medium
1512.    
1513.    
1514.        <br/>CVE: CVE-2025-20190
1515.    
1516.         </description>
1517.          
1518.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1519.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj</guid>
1520.      </item>
1521.    
1523.    
1524.  <item>
1525.  <!-- I2R 9899 -->
1526.          <title>Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability</title>
1527.          
1528.          
1529.            
1530.            
1532.            
1534.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Wireless%20Controller%20Software%20Cisco%20Discovery%20Protocol%20Denial%20of%20Service%20Vulnerability%26vs_k=1</link>
1535.          
1536.          <description>
1538. <p>A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.</p>
1539. <p>This vulnerability is due to insufficient input validation of access point (AP) Cisco Discovery Protocol (CDP) neighbor reports when they are processed by the wireless controller. An attacker could exploit this vulnerability by sending a crafted CDP packet to an AP. A successful exploit could allow the attacker to cause an unexpected reload of the wireless controller that is managing the AP, resulting in a DoS condition that affects the wireless network.</p>
1540. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1541.  
1542. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K</a></p>
1543.  
1544. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1545.  
1546.  
1547.      
1548.           <br/>Security Impact Rating:  High
1549.    
1550.    
1551.        <br/>CVE: CVE-2025-20202
1552.    
1553.         </description>
1554.          
1555.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1556.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K</guid>
1557.      </item>
1558.    
1560.    
1561.  <item>
1562.  <!-- I2R 9899 -->
1563.          <title>Cisco Catalyst Center Unauthenticated API Access Vulnerability</title>
1564.          
1565.          
1566.            
1567.            
1569.            
1571.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20Center%20Unauthenticated%20API%20Access%20Vulnerability%26vs_k=1</link>
1572.          
1573.          <description>
1575. <p>A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings.</p>
1576. <p>This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.</p>
1577.  
1578. <p><strong>Note:</strong> For information about Cisco Catalyst Center features that require an internet connection and the corresponding internet domains used, see the <a href="https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/catalyst-center/2-3-7/install_guide/b_cisco_catalyst_center_install_guide_237x_3rdgen/m_plan_deployment_2_x_x_3rdgen.html#concept_z4t_cd3_sfb">Required internet URLs and fully qualified domain names</a> section of the <em>Cisco Catalyst Center Third-Generation Appliance Installation Guide</em>.</p>
1579. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1580. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM</a></p>
1581.      
1582.           <br/>Security Impact Rating:  High
1583.    
1584.    
1585.        <br/>CVE: CVE-2025-20210
1586.    
1587.         </description>
1588.          
1589.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1590.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM</guid>
1591.      </item>
1592.    
1594.    
1595.  <item>
1596.  <!-- I2R 9899 -->
1597.          <title>Cisco Catalyst Center Insufficient Access Control Vulnerability</title>
1598.          
1599.          
1600.            
1601.            
1603.            
1605.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-insec-acc-mtt8EhEb?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20Center%20Insufficient%20Access%20Control%20Vulnerability%26vs_k=1</link>
1606.          
1607.          <description>
1609. <p>A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device.</p>
1610. <p>This vulnerability is due to insufficient enforcement of access control on HTTP requests. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.</p>
1611.  
1612. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1613. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-insec-acc-mtt8EhEb">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-insec-acc-mtt8EhEb</a></p>
1614.      
1615.           <br/>Security Impact Rating:  Medium
1616.    
1617.    
1618.        <br/>CVE: CVE-2025-20223
1619.    
1620.         </description>
1621.          
1622.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1623.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-insec-acc-mtt8EhEb</guid>
1624.      </item>
1625.    
1627.    
1628.  <item>
1629.  <!-- I2R 9899 -->
1630.          <title>Cisco Catalyst SD-WAN Manager Certificate Validation Vulnerability</title>
1631.          
1632.          
1633.            
1634.            
1636.            
1638.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Certificate%20Validation%20Vulnerability%26vs_k=1</link>
1639.          
1640.          <description>
1642. <p>A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information.</p>
1643. <p>This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain access to sensitive information, including credentials used by the device to connect to Cisco cloud services.</p>
1644.  
1645. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1646. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ</a></p>
1647.      
1648.           <br/>Security Impact Rating:  Medium
1649.    
1650.    
1651.        <br/>CVE: CVE-2025-20157
1652.    
1653.         </description>
1654.          
1655.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1656.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ</guid>
1657.      </item>
1658.    
1660.    
1661.  <item>
1662.  <!-- I2R 9899 -->
1663.          <title>Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability</title>
1664.          
1665.          
1666.            
1667.            
1669.            
1671.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20Software%20for%20Cisco%20Catalyst%202960X,%202960XR,%202960CX,%20and%203560CX%20Series%20Switches%20Secure%20Boot%20Bypass%20Vulnerability%26vs_k=1</link>
1672.          
1673.          <description>
1675. <p>A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust.</p>
1676. <p>This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time.</p>
1677. <p>Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.</p>
1678.  
1679. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1680. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq</a></p>
1681.  
1682. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1683.  
1684.      
1685.           <br/>Security Impact Rating:  High
1686.    
1687.    
1688.        <br/>CVE: CVE-2025-20181
1689.    
1690.         </description>
1691.          
1692.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1693.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq</guid>
1694.      </item>
1695.    
1697.    
1698.  <item>
1699.  <!-- I2R 9899 -->
1700.          <title>Cisco IOS XE Software Bootstrap Arbitrary File Write Vulnerability</title>
1701.          
1702.          
1703.            
1704.            
1706.            
1708.          <link>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootstrap-KfgxYgdh?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20Bootstrap%20Arbitrary%20File%20Write%20Vulnerability%26vs_k=1</link>
1709.          
1710.          <description>
1712. <p>A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system.</p>
1713. <p>This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system.</p>
1714. <p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
1715.  
1716. <p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootstrap-KfgxYgdh">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootstrap-KfgxYgdh</a></p>
1717.  
1718. <p>This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279">Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication</a>.</p>
1719.  
1720.      
1721.           <br/>Security Impact Rating:  Medium
1722.    
1723.    
1724.        <br/>CVE: CVE-2025-20155
1725.    
1726.         </description>
1727.          
1728.  <pubDate>2025-05-07 16:00:00.0</pubDate>                  
1729.          <guid>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootstrap-KfgxYgdh</guid>
1730.      </item>
1731.    
1733.  </channel>
1734. </rss>
1735.