=====================================================================
          CERT-Renater Information Note No. 2025/VULN294
_____________________________________________________________________

DATE                 : 09/05/2025
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Cisco IOS, IOS XE, and IOS XR Software, Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, Cisco IOS Software Industrial Ethernet Switch Device Manager, Cisco Catalyst SD-WAN Manager, Cisco Catalyst Center, Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers, Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches, Cisco IOx Application Hosting Environment, Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches.
=====================================================================
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2025-May-07.

The following PSIRT security advisories (1 Critical, 14 High, 14 Medium) were published at 16:00 UTC today.

Table of Contents:

 1) Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability - SIR: Critical
 2) Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability - SIR: High
 3) Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability - SIR: High
 4) Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability - SIR: High
 5) Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability - SIR: High
 6) Cisco IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability - SIR: High
 7) Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability - SIR: High
 8) Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability - SIR: High
 9) Cisco Catalyst Center Unauthenticated API Access Vulnerability - SIR: High
10) Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability - SIR: High
11) Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability - SIR: High
12) Cisco IOS XE Software Privilege Escalation Vulnerabilities - SIR: High
13) Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability - SIR: High
14) Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability - SIR: High
15) Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability - SIR: High
16) Cisco IOS XE Software Web-Based Management Interface Vulnerabilities - SIR: Medium
17) Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability - SIR: Medium
18) Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability - SIR: Medium
19) Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability - SIR: Medium
20) Cisco Catalyst SD-WAN Manager Certificate Validation Vulnerability - SIR: Medium
21) Cisco IOS XE Software Bootstrap Arbitrary File Write Vulnerability - SIR: Medium
22) Cisco Catalyst Center Insufficient Access Control Vulnerability - SIR: Medium
23) Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability - SIR: Medium
24) Cisco IOx Application Hosting Environment Denial of Service Vulnerability - SIR: Medium
25) Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability - SIR: Medium
26) Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability - SIR: Medium
27) Cisco Catalyst SD-WAN Manager Stored Cross-Site Scripting Vulnerability - SIR: Medium
28) Cisco IOS XE Software Model-Driven Programmability Authorization Bypass Vulnerability - SIR: Medium
29) Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability - SIR: Medium

+--------------------------------------------------------------------
1) Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
CVE-2025-20188
SIR: Critical
CVSS Score v(3.1): 10.0
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC

+--------------------------------------------------------------------
2) Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability
CVE-2025-20186
SIR: High
CVSS Score v(3.1): 8.8
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC

+--------------------------------------------------------------------
3) Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability
CVE-2025-20182
SIR: High
CVSS Score v(3.1): 8.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2

+--------------------------------------------------------------------
4) Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability
CVE-2025-20154
SIR: High
CVSS Score v(3.1): 8.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn

+--------------------------------------------------------------------
5) Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability
CVE-2025-20162
SIR: High
CVSS Score v(3.1): 8.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks

+--------------------------------------------------------------------
6) Cisco IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability
CVE-2025-20192
SIR: High
CVSS Score v(3.1): 7.7
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC

+--------------------------------------------------------------------
7) Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability
CVE-2025-20164
SIR: High
CVSS Score v(3.1): 8.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3

+--------------------------------------------------------------------
8) Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
CVE-2025-20122
SIR: High
CVSS Score v(3.1): 7.8
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt

+--------------------------------------------------------------------
9) Cisco Catalyst Center Unauthenticated API Access Vulnerability
CVE-2025-20210
SIR: High
CVSS Score v(3.1): 7.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM

+--------------------------------------------------------------------
10) Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability
CVE-2025-20202
SIR: High
CVSS Score v(3.1): 7.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K

+--------------------------------------------------------------------
11) Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability
CVE-2025-20191
SIR: High
CVSS Score v(3.1): 7.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY

+--------------------------------------------------------------------
12) Cisco IOS XE Software Privilege Escalation Vulnerabilities
CVE-2025-20197, CVE-2025-20198, CVE-2025-20199, CVE-2025-20200, CVE-2025-20201
SIR: High
CVSS Score v(3.1): 6.7
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp

+--------------------------------------------------------------------
13) Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability
CVE-2025-20189
SIR: High
CVSS Score v(3.1): 7.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ

+--------------------------------------------------------------------
14) Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability
CVE-2025-20181
SIR: High
CVSS Score v(3.0): 6.8
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq

+--------------------------------------------------------------------
15) Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability
CVE-2025-20140
SIR: High
CVSS Score v(3.1): 7.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL

+--------------------------------------------------------------------
16) Cisco IOS XE Software Web-Based Management Interface Vulnerabilities
CVE-2025-20193, CVE-2025-20194, CVE-2025-20195
SIR: Medium
CVSS Score v(3.1): 6.5
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-multi-ARNHM4v6

+--------------------------------------------------------------------
17) Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability
CVE-2025-20187
SIR: Medium
CVSS Score v(3.1): 6.5
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ

+--------------------------------------------------------------------
18) Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability
CVE-2025-20190
SIR: Medium
CVSS Score v(3.1): 6.5
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-user-del-hQxMpUDj

+--------------------------------------------------------------------
19) Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
CVE-2025-20213
SIR: Medium
CVSS Score v(3.1): 5.5
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH

+--------------------------------------------------------------------
20) Cisco Catalyst SD-WAN Manager Certificate Validation Vulnerability
CVE-2025-20157
SIR: Medium
CVSS Score v(3.1): 5.9
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ

+--------------------------------------------------------------------
21) Cisco IOS XE Software Bootstrap Arbitrary File Write Vulnerability
CVE-2025-20155
SIR: Medium
CVSS Score v(3.1): 6.0
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootstrap-KfgxYgdh

+--------------------------------------------------------------------
22) Cisco Catalyst Center Insufficient Access Control Vulnerability
CVE-2025-20223
SIR: Medium
CVSS Score v(3.1): 4.7
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-insec-acc-mtt8EhEb

+--------------------------------------------------------------------
23) Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability
CVE-2025-20221
SIR: Medium
CVSS Score v(3.1): 5.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn

+--------------------------------------------------------------------
24) Cisco IOx Application Hosting Environment Denial of Service Vulnerability
CVE-2025-20196
SIR: Medium
CVSS Score v(3.1): 5.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-95Fqnf7b

+--------------------------------------------------------------------
25) Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability
CVE-2025-20137
SIR: Medium
CVSS Score v(3.1): 4.7
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsgacl-pg6qfZk

+--------------------------------------------------------------------
26) Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability
CVE-2025-20216
SIR: Medium
CVSS Score v(3.1): 4.7
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj

+--------------------------------------------------------------------
27) Cisco Catalyst SD-WAN Manager Stored Cross-Site Scripting Vulnerability
CVE-2025-20147
SIR: Medium
CVSS Score v(3.1): 5.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-xhN8M5jt

+--------------------------------------------------------------------
28) Cisco IOS XE Software Model-Driven Programmability Authorization Bypass Vulnerability
CVE-2025-20214
SIR: Medium
CVSS Score v(3.1): 4.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-netconf-nacm-bypass-TGZV9pmQ

+--------------------------------------------------------------------
29) Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability
CVE-2025-20151
SIR: Medium
CVSS Score v(3.1): 4.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpv3-qKEYvzsy

=========================================================
+ CERT-RENATER            | tel : 01-53-94-20-44        +
+ 23/25 Rue Daviel        | fax : 01-53-94-20-41        +
+ 75013 Paris             | email: cert@support.renater.fr +
=========================================================