CVE-2025-20172

{"id": "CVE-2025-20172", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2025-02-05T17:15:24.020", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload. \r\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system."}, {"lang": "es", "value": "Una vulnerabilidad en el subsistema SNMP de Cisco IOS Software, Cisco IOS XE Software y Cisco IOS XR Software podr\u00eda permitir que un atacante remoto autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una gesti\u00f3n inadecuada de errores al analizar solicitudes SNMP. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud SNMP manipulada a un dispositivo afectado. En el caso de Cisco IOS e IOS XE Software, una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el dispositivo se recargue inesperadamente, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio (DoS). En el caso de Cisco IOS XR Software, una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el proceso SNMP se reinicie, lo que genera una respuesta SNMP interrumpida de un dispositivo afectado. Los dispositivos que ejecutan Cisco IOS XR Software no se recargar\u00e1n. Esta vulnerabilidad afecta a las versiones 1, 2c y 3 de SNMP. Para aprovechar esta vulnerabilidad a trav\u00e9s de SNMP v2c o anterior, el atacante debe conocer una cadena de comunidad SNMP v\u00e1lida de lectura y escritura o de solo lectura para el sistema afectado. Para explotar esta vulnerabilidad a trav\u00e9s de SNMP v3, el atacante debe tener credenciales de usuario SNMP v\u00e1lidas para el sistema afectado."}], "lastModified": "2025-03-13T13:15:47.110", "sourceIdentifier": "psirt@cisco.com"}