7.7
CVE-2025-20327
- EPSS 0.15%
- Published 24.09.2025 18:15:36
- Last modified 26.09.2025 14:32:53
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorCisco
≫
Product
IOS
Version
15.2(6)E2
Status
affected
Version
15.2(7)E
Status
affected
Version
15.2(6)E2a
Status
affected
Version
15.2(6)E2b
Status
affected
Version
15.2(7)E1
Status
affected
Version
15.2(7)E0a
Status
affected
Version
15.2(7)E0b
Status
affected
Version
15.2(7)E0s
Status
affected
Version
15.2(6)E3
Status
affected
Version
15.2(7)E2
Status
affected
Version
15.2(7a)E0b
Status
affected
Version
15.2(7)E3
Status
affected
Version
15.2(7)E1a
Status
affected
Version
15.2(7b)E0b
Status
affected
Version
15.2(7)E2a
Status
affected
Version
15.2(7)E4
Status
affected
Version
15.2(7)E3k
Status
affected
Version
15.2(8)E
Status
affected
Version
15.2(8)E1
Status
affected
Version
15.2(7)E5
Status
affected
Version
15.2(7)E6
Status
affected
Version
15.2(8)E2
Status
affected
Version
15.2(7)E7
Status
affected
Version
15.2(8)E3
Status
affected
Version
15.2(7)E8
Status
affected
Version
15.2(8)E4
Status
affected
Version
15.2(7)E9
Status
affected
Version
15.2(8)E5
Status
affected
Version
15.2(7)E10
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.363 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@cisco.com | 7.7 | 3.1 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
|
CWE-1287 Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.