4.3

CVE-2025-20207

A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system.

This vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll request to the affected appliance. A successful exploit could allow the attacker to discover confidential information that should be restricted. To exploit this vulnerability, an attacker must have the configured SNMP credentials.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Cisco
Product Cisco Secure Email
Default Status unknown
Version 14.0.0-698
Status affected
Version 13.5.1-277
Status affected
Version 13.0.0-392
Status affected
Version 14.2.0-620
Status affected
Version 13.0.5-007
Status affected
Version 13.5.4-038
Status affected
Version 14.2.1-020
Status affected
Version 14.3.0-032
Status affected
Version 15.0.0-104
Status affected
Version 15.0.1-030
Status affected
Version 15.5.0-048
Status affected
Version 15.5.1-055
Status affected
Vendor Cisco
Product Cisco Secure Email and Web Manager
Default Status unknown
Version 13.6.2-023
Status affected
Version 13.6.2-078
Status affected
Version 13.0.0-249
Status affected
Version 13.0.0-277
Status affected
Version 13.8.1-052
Status affected
Version 13.8.1-068
Status affected
Version 13.8.1-074
Status affected
Version 14.0.0-404
Status affected
Version 12.8.1-002
Status affected
Version 14.1.0-227
Status affected
Version 13.6.1-201
Status affected
Version 14.2.0-203
Status affected
Version 14.2.0-212
Status affected
Version 12.8.1-021
Status affected
Version 13.8.1-108
Status affected
Version 14.2.0-224
Status affected
Version 14.3.0-120
Status affected
Version 15.0.0-334
Status affected
Version 15.5.1-024
Status affected
Version 15.5.1-029
Status affected
Vendor Cisco
Product Cisco Secure Web Appliance
Default Status unknown
Version 11.8.0-453
Status affected
Version 12.5.3-002
Status affected
Version 12.0.3-007
Status affected
Version 12.0.3-005
Status affected
Version 14.1.0-032
Status affected
Version 14.1.0-047
Status affected
Version 14.1.0-041
Status affected
Version 12.0.4-002
Status affected
Version 14.0.2-012
Status affected
Version 11.8.0-414
Status affected
Version 12.0.1-268
Status affected
Version 11.8.1-023
Status affected
Version 11.8.3-021
Status affected
Version 11.8.3-018
Status affected
Version 12.5.1-011
Status affected
Version 11.8.4-004
Status affected
Version 12.5.2-007
Status affected
Version 12.5.2-011
Status affected
Version 14.5.0-498
Status affected
Version 12.5.4-005
Status affected
Version 12.5.4-011
Status affected
Version 12.0.5-011
Status affected
Version 14.0.3-014
Status affected
Version 12.5.5-004
Status affected
Version 12.5.5-005
Status affected
Version 12.5.5-008
Status affected
Version 14.0.4-005
Status affected
Version 14.5.1-008
Status affected
Version 14.5.1-016
Status affected
Version 15.0.0-355
Status affected
Version 15.0.0-322
Status affected
Version 12.5.6-008
Status affected
Version 15.1.0-287
Status affected
Version 14.5.2-011
Status affected
Version 15.2.0-116
Status affected
Version 14.0.5-007
Status affected
Version 15.2.0-164
Status affected
Version 14.5.1-510
Status affected
Version 12.0.2-012
Status affected
Version 12.0.2-004
Status affected
Version 14.5.1-607
Status affected
Version 14.5.3-033
Status affected
Version 12.0.1-334
Status affected
Version 14.0.1-503
Status affected
Version 14.0.1-053
Status affected
Version 11.8.0-429
Status affected
Version 14.0.1-040
Status affected
Version 14.0.1-014
Status affected
Version 12.5.1-043
Status affected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.209
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
psirt@cisco.com 4.3 2.8 1.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.