7.7
CVE-2025-20327
- EPSS 0.15%
- Veröffentlicht 24.09.2025 18:15:36
- Zuletzt bearbeitet 26.09.2025 14:32:53
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
IOS
Version
15.2(6)E2
Status
affected
Version
15.2(7)E
Status
affected
Version
15.2(6)E2a
Status
affected
Version
15.2(6)E2b
Status
affected
Version
15.2(7)E1
Status
affected
Version
15.2(7)E0a
Status
affected
Version
15.2(7)E0b
Status
affected
Version
15.2(7)E0s
Status
affected
Version
15.2(6)E3
Status
affected
Version
15.2(7)E2
Status
affected
Version
15.2(7a)E0b
Status
affected
Version
15.2(7)E3
Status
affected
Version
15.2(7)E1a
Status
affected
Version
15.2(7b)E0b
Status
affected
Version
15.2(7)E2a
Status
affected
Version
15.2(7)E4
Status
affected
Version
15.2(7)E3k
Status
affected
Version
15.2(8)E
Status
affected
Version
15.2(8)E1
Status
affected
Version
15.2(7)E5
Status
affected
Version
15.2(7)E6
Status
affected
Version
15.2(8)E2
Status
affected
Version
15.2(7)E7
Status
affected
Version
15.2(8)E3
Status
affected
Version
15.2(7)E8
Status
affected
Version
15.2(8)E4
Status
affected
Version
15.2(7)E9
Status
affected
Version
15.2(8)E5
Status
affected
Version
15.2(7)E10
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.363 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.7 | 3.1 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
|
CWE-1287 Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.