CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges.

This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15.

To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.

Data provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
Vendor: Cisco
Product: IOS

Affected versions

Version         Status
15.0(2)SE8      affected
15.0(2)EA       affected
15.0(2)EA1      affected
15.2(2)E        affected
15.2(2)E1       affected
15.2(3)E1       affected
15.2(2)E2       affected
15.2(2)E3       affected
15.2(2a)E2      affected
15.2(3)E2       affected
15.2(3)E3       affected
15.2(2)E4       affected
15.2(2)E5       affected
15.2(3)E4       affected
15.2(5)E        affected
15.2(2)E6       affected
15.2(5)E1       affected
15.2(2)E5a      affected
15.2(5a)E1      affected
15.2(2)E7       affected
15.2(5)E2       affected
15.2(6)E        affected
15.2(5)E2c      affected
15.2(2)E8       affected
15.2(6)E0a      affected
15.2(6)E1       affected
15.2(6)E0c      affected
15.2(2)E9       affected
15.2(7)E        affected
15.2(2)E10      affected
15.2(6)E2a      affected
15.2(7)E0b      affected
15.2(7)E0s      affected
15.2(6)E3       affected
15.2(7)E2       affected
15.2(7)E3       affected
15.2(7)E1a      affected
15.2(7)E4       affected
15.2(8)E        affected
15.2(8)E1       affected
15.2(7)E5       affected
15.2(7)E6       affected
15.2(8)E2       affected
15.2(7)E7       affected
15.2(8)E3       affected
15.2(7)E8       affected
15.2(8)E4       affected
15.2(7)E9       affected
15.2(8)E5       affected
15.2(8)E6       affected
15.2(7)E10      affected
15.2(7)E11      affected
15.2(1)EY       affected
15.0(2)EK       affected
15.0(2)EK1      affected
15.2(2)EB       affected
15.2(2)EB1      affected
15.2(2)EB2      affected
15.2(6)EB       affected
15.2(2)EA       affected
15.2(2)EA2      affected
15.2(3)EA       affected
15.2(4)EA       affected
15.2(4)EA1      affected
15.2(2)EA3      affected
15.2(4)EA4      affected
15.2(4)EA5      affected
15.2(4)EA6      affected
15.2(4)EA7      affected
15.2(4)EA8      affected
15.2(4)EA9      affected
15.2(4)EA9a     affected
15.2(4)EC1      affected
15.2(4)EC2      affected
15.3(3)JPU      affected
No CISA KEV entry or CERT.AT advisory was found for this CVE.

EPSS metrics

Type   Source      Score   Percentile
EPSS   FIRST.org   0.16%   0.379

CVSS metrics

Source            Base Score   Exploit Score   Impact Score   Vector String
psirt@cisco.com   8.3          2.8             5.5            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.