Action not permitted
Modal body text goes here.
Modal Title
Modal Body
fkie_cve-2025-20312
Vulnerability from fkie_nvd
Published
2025-09-24 18:15
Modified
2025-09-26 14:32
Severity ?
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
References
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\n\r This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system." } ], "id": "CVE-2025-20312", "lastModified": "2025-09-26T14:32:53.583", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "psirt@cisco.com", "type": "Primary" } ] }, "published": "2025-09-24T18:15:34.947", "references": [ { "source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M" } ], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "psirt@cisco.com", "type": "Primary" } ] }
CVE-2025-20312 (GCVE-0-2025-20312)
Vulnerability from cvelistv5
Published
2025-09-24 17:11
Modified
2025-09-24 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XE Software |
Version: 17.2.1 Version: 17.2.1r Version: 17.2.1a Version: 17.2.1v Version: 17.2.2 Version: 17.2.3 Version: 17.3.1 Version: 17.3.2 Version: 17.3.3 Version: 17.3.1a Version: 17.3.1w Version: 17.3.2a Version: 17.3.1x Version: 17.3.1z Version: 17.3.4 Version: 17.3.5 Version: 17.3.4a Version: 17.3.6 Version: 17.3.4b Version: 17.3.4c Version: 17.3.5a Version: 17.3.5b Version: 17.3.7 Version: 17.3.8 Version: 17.3.8a Version: 17.4.1 Version: 17.4.2 Version: 17.4.1a Version: 17.4.1b Version: 17.4.2a Version: 17.5.1 Version: 17.5.1a Version: 17.6.1 Version: 17.6.2 Version: 17.6.1w Version: 17.6.1a Version: 17.6.1x Version: 17.6.3 Version: 17.6.1y Version: 17.6.1z Version: 17.6.3a Version: 17.6.4 Version: 17.6.1z1 Version: 17.6.5 Version: 17.6.6 Version: 17.6.6a Version: 17.6.5a Version: 17.6.7 Version: 17.6.8 Version: 17.6.8a Version: 17.7.1 Version: 17.7.1a Version: 17.7.1b Version: 17.7.2 Version: 17.10.1 Version: 17.10.1a Version: 17.10.1b Version: 17.8.1 Version: 17.8.1a Version: 17.9.1 Version: 17.9.1w Version: 17.9.2 Version: 17.9.1a Version: 17.9.1x Version: 17.9.1y Version: 17.9.3 Version: 17.9.2a Version: 17.9.1x1 Version: 17.9.3a Version: 17.9.4 Version: 17.9.1y1 Version: 17.9.5 Version: 17.9.4a Version: 17.9.5a Version: 17.9.5b Version: 17.9.6 Version: 17.9.6a Version: 17.9.7 Version: 17.9.5e Version: 17.9.5f Version: 17.9.7a Version: 17.9.7b Version: 17.11.1 Version: 17.11.1a Version: 17.12.1 Version: 17.12.1w Version: 17.12.1a Version: 17.12.1x Version: 17.12.2 Version: 17.12.3 Version: 17.12.2a Version: 17.12.1y Version: 17.12.1z Version: 17.12.4 Version: 17.12.3a Version: 17.12.1z1 Version: 17.12.1z2 Version: 17.12.4a Version: 17.12.5 Version: 17.12.4b Version: 17.12.1z3 Version: 17.12.5a Version: 17.12.1z4 Version: 17.12.5b Version: 17.12.5c Version: 17.13.1 Version: 17.13.1a Version: 17.14.1 Version: 17.14.1a Version: 17.15.1 Version: 17.15.1w Version: 17.15.1a Version: 17.15.2 Version: 17.15.1b Version: 17.15.1x Version: 17.15.1z Version: 17.15.3 Version: 17.15.2c Version: 17.15.2a Version: 17.15.1y Version: 17.15.2b Version: 17.15.3a Version: 17.15.3b Version: 17.16.1 Version: 17.16.1a Version: 17.17.1 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-20312", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-24T18:14:23.368728Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-24T18:14:37.538Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.1w" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.1x" }, { "status": "affected", "version": "17.3.1z" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1w" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.1x" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.1y" }, { "status": "affected", "version": "17.6.1z" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.1z1" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.6.7" }, { "status": "affected", "version": "17.6.8" }, { "status": "affected", "version": "17.6.8a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.1w" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.1x" }, { "status": "affected", "version": "17.9.1y" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.1x1" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.1y1" }, { "status": "affected", "version": "17.9.5" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.9.5a" }, { "status": "affected", "version": "17.9.5b" }, { "status": "affected", "version": "17.9.6" }, { "status": "affected", "version": "17.9.6a" }, { "status": "affected", "version": "17.9.7" }, { "status": "affected", "version": "17.9.5e" }, { "status": "affected", "version": "17.9.5f" }, { "status": "affected", "version": "17.9.7a" }, { "status": "affected", "version": "17.9.7b" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1w" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.12.1x" }, { "status": "affected", "version": "17.12.2" }, { "status": "affected", "version": "17.12.3" }, { "status": "affected", "version": "17.12.2a" }, { "status": "affected", "version": "17.12.1y" }, { "status": "affected", "version": "17.12.1z" }, { "status": "affected", "version": "17.12.4" }, { "status": "affected", "version": "17.12.3a" }, { "status": "affected", "version": "17.12.1z1" }, { "status": "affected", "version": "17.12.1z2" }, { "status": "affected", "version": "17.12.4a" }, { "status": "affected", "version": "17.12.5" }, { "status": "affected", "version": "17.12.4b" }, { "status": "affected", "version": "17.12.1z3" }, { "status": "affected", "version": "17.12.5a" }, { "status": "affected", "version": "17.12.1z4" }, { "status": "affected", "version": "17.12.5b" }, { "status": "affected", "version": "17.12.5c" }, { "status": "affected", "version": "17.13.1" }, { "status": "affected", "version": "17.13.1a" }, { "status": "affected", "version": "17.14.1" }, { "status": "affected", "version": "17.14.1a" }, { "status": "affected", "version": "17.15.1" }, { "status": "affected", "version": "17.15.1w" }, { "status": "affected", "version": "17.15.1a" }, { "status": "affected", "version": "17.15.2" }, { "status": "affected", "version": "17.15.1b" }, { "status": "affected", "version": "17.15.1x" }, { "status": "affected", "version": "17.15.1z" }, { "status": "affected", "version": "17.15.3" }, { "status": "affected", "version": "17.15.2c" }, { "status": "affected", "version": "17.15.2a" }, { "status": "affected", "version": "17.15.1y" }, { "status": "affected", "version": "17.15.2b" }, { "status": "affected", "version": "17.15.3a" }, { "status": "affected", "version": "17.15.3b" }, { "status": "affected", "version": "17.16.1" }, { "status": "affected", "version": "17.16.1a" }, { "status": "affected", "version": "17.17.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper error handling when parsing a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\n\r This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-24T17:11:19.897Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-snmpwred-x3MJyf5M", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M" } ], "source": { "advisory": "cisco-sa-snmpwred-x3MJyf5M", "defects": [ "CSCwp03900" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2025-20312", "datePublished": "2025-09-24T17:11:19.897Z", "dateReserved": "2024-10-10T19:15:13.253Z", "dateUpdated": "2025-09-24T18:14:37.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…