Description

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device.

PUBLISHED Reserved 2024-10-10 | Published 2025-09-24 | Updated 2025-09-25 | Assigner cisco




HIGH: 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Authentication

Product status

15.2(6)E1
affected

15.2(4)E6
affected

15.2(6)E2
affected

15.2(4)E7
affected

15.2(7)E
affected

15.2(4)E8
affected

15.2(6)E2a
affected

15.2(6)E2b
affected

15.2(7)E1
affected

15.2(7)E0a
affected

15.2(7)E0b
affected

15.2(7)E0s
affected

15.2(6)E3
affected

15.2(4)E9
affected

15.2(7)E2
affected

15.2(7a)E0b
affected

15.2(4)E10
affected

15.2(7)E3
affected

15.2(7)E1a
affected

15.2(7b)E0b
affected

15.2(7)E2a
affected

15.2(4)E10a
affected

15.2(7)E4
affected

15.2(7)E3k
affected

15.2(8)E
affected

15.2(8)E1
affected

15.2(7)E5
affected

15.2(7)E6
affected

15.2(8)E2
affected

15.2(4)E10d
affected

15.2(7)E7
affected

15.2(8)E3
affected

15.2(7)E8
affected

15.2(8)E4
affected

15.2(7)E9
affected

15.2(8)E5
affected

15.2(8)E6
affected

15.2(7)E10
affected

15.2(7)E11
affected

15.2(8)E7
affected

15.2(7)E12
affected

15.5(3)S8
affected

15.5(3)S9
affected

15.5(3)S10
affected

15.5(3)S9a
affected

15.2(6)EB
affected

15.5(3)M7
affected

15.5(3)M8
affected

15.5(3)M9
affected

15.5(3)M10
affected

15.6(2)SP5
affected

15.6(2)SP6
affected

15.6(2)SP7
affected

15.6(2)SP8
affected

15.6(2)SP9
affected

15.6(3)M4
affected

15.6(3)M5
affected

15.6(3)M6
affected

15.6(3)M7
affected

15.6(3)M6a
affected

15.6(3)M6b
affected

15.6(3)M8
affected

15.6(3)M9
affected

15.5(1)SY2
affected

15.5(1)SY3
affected

15.5(1)SY4
affected

15.5(1)SY5
affected

15.5(1)SY6
affected

15.5(1)SY7
affected

15.5(1)SY8
affected

15.5(1)SY9
affected

15.5(1)SY10
affected

15.5(1)SY11
affected

15.5(1)SY12
affected

15.5(1)SY13
affected

15.5(1)SY14
affected

15.5(1)SY15
affected

15.7(3)M3
affected

15.7(3)M2
affected

15.7(3)M4
affected

15.7(3)M5
affected

15.7(3)M4a
affected

15.7(3)M4b
affected

15.7(3)M6
affected

15.7(3)M7
affected

15.7(3)M8
affected

15.7(3)M9
affected

15.8(3)M
affected

15.8(3)M1
affected

15.8(3)M0a
affected

15.8(3)M0b
affected

15.8(3)M2
affected

15.8(3)M1a
affected

15.8(3)M3
affected

15.8(3)M2a
affected

15.8(3)M4
affected

15.8(3)M3a
affected

15.8(3)M3b
affected

15.8(3)M5
affected

15.8(3)M6
affected

15.8(3)M7
affected

15.8(3)M8
affected

15.8(3)M9
affected

15.9(3)M
affected

15.9(3)M1
affected

15.9(3)M0a
affected

15.9(3)M2
affected

15.9(3)M3
affected

15.9(3)M2a
affected

15.9(3)M3a
affected

15.9(3)M4
affected

15.9(3)M3b
affected

15.9(3)M5
affected

15.9(3)M4a
affected

15.9(3)M6
affected

15.9(3)M7
affected

15.9(3)M6a
affected

15.9(3)M6b
affected

15.9(3)M8
affected

15.9(3)M7a
affected

15.9(3)M9
affected

15.9(3)M8b
affected

15.9(3)M10
affected

15.9(3)M11
affected

3.16.8S
affected

3.16.9S
affected

3.16.10S
affected

3.8.6E
affected

3.8.7E
affected

3.8.8E
affected

3.8.9E
affected

3.8.10E
affected

3.8.10eE
affected

3.18.5SP
affected

3.18.6SP
affected

3.18.7SP
affected

3.18.8aSP
affected

3.18.9SP
affected

16.6.5
affected

16.6.5a
affected

16.6.6
affected

16.6.7
affected

16.6.8
affected

16.6.9
affected

16.6.10
affected

16.8.1
affected

16.8.1a
affected

16.8.1b
affected

16.8.1s
affected

16.8.1c
affected

16.8.1d
affected

16.8.2
affected

16.8.1e
affected

16.8.3
affected

16.9.1
affected

16.9.2
affected

16.9.1a
affected

16.9.1b
affected

16.9.1s
affected

16.9.3
affected

16.9.4
affected

16.9.3a
affected

16.9.5
affected

16.9.5f
affected

16.9.6
affected

16.9.7
affected

16.9.8
affected

16.10.1
affected

16.10.1a
affected

16.10.1b
affected

16.10.1s
affected

16.10.1c
affected

16.10.1e
affected

16.10.1d
affected

16.10.2
affected

16.10.1f
affected

16.10.1g
affected

16.10.3
affected

3.10.1E
affected

3.10.2E
affected

3.10.3E
affected

16.11.1
affected

16.11.1a
affected

16.11.1b
affected

16.11.2
affected

16.11.1s
affected

16.12.1
affected

16.12.1s
affected

16.12.1a
affected

16.12.1c
affected

16.12.1w
affected

16.12.2
affected

16.12.1y
affected

16.12.2a
affected

16.12.3
affected

16.12.8
affected

16.12.2s
affected

16.12.1x
affected

16.12.1t
affected

16.12.4
affected

16.12.3s
affected

16.12.3a
affected

16.12.4a
affected

16.12.5
affected

16.12.6
affected

16.12.1z1
affected

16.12.5a
affected

16.12.5b
affected

16.12.1z2
affected

16.12.6a
affected

16.12.7
affected

16.12.9
affected

16.12.10
affected

16.12.10a
affected

16.12.11
affected

16.12.12
affected

16.12.13
affected

3.11.0E
affected

3.11.1E
affected

3.11.2E
affected

3.11.3E
affected

3.11.1aE
affected

3.11.4E
affected

3.11.3aE
affected

3.11.5E
affected

3.11.6E
affected

3.11.7E
affected

3.11.8E
affected

3.11.9E
affected

3.11.10E
affected

3.11.11E
affected

3.11.12E
affected

17.1.1
affected

17.1.1a
affected

17.1.1s
affected

17.1.1t
affected

17.1.3
affected

17.2.1
affected

17.2.1r
affected

17.2.1a
affected

17.2.1v
affected

17.2.2
affected

17.2.3
affected

17.3.1
affected

17.3.2
affected

17.3.3
affected

17.3.1a
affected

17.3.1w
affected

17.3.2a
affected

17.3.1x
affected

17.3.1z
affected

17.3.4
affected

17.3.5
affected

17.3.4a
affected

17.3.6
affected

17.3.4b
affected

17.3.4c
affected

17.3.5a
affected

17.3.5b
affected

17.3.7
affected

17.3.8
affected

17.3.8a
affected

17.4.1
affected

17.4.2
affected

17.4.1a
affected

17.4.1b
affected

17.4.2a
affected

17.5.1
affected

17.5.1a
affected

17.6.1
affected

17.6.2
affected

17.6.1w
affected

17.6.1a
affected

17.6.1x
affected

17.6.3
affected

17.6.1y
affected

17.6.1z
affected

17.6.3a
affected

17.6.4
affected

17.6.1z1
affected

17.6.5
affected

17.6.6
affected

17.6.6a
affected

17.6.5a
affected

17.6.7
affected

17.6.8
affected

17.6.8a
affected

17.7.1
affected

17.7.1a
affected

17.7.1b
affected

17.7.2
affected

17.10.1
affected

17.10.1a
affected

17.10.1b
affected

17.8.1
affected

17.8.1a
affected

17.9.1
affected

17.9.1w
affected

17.9.2
affected

17.9.1a
affected

17.9.1x
affected

17.9.1y
affected

17.9.3
affected

17.9.2a
affected

17.9.1x1
affected

17.9.3a
affected

17.9.4
affected

17.9.1y1
affected

17.9.5
affected

17.9.4a
affected

17.9.5a
affected

17.9.5b
affected

17.9.6
affected

17.9.6a
affected

17.9.7
affected

17.9.5e
affected

17.9.5f
affected

17.9.7a
affected

17.9.7b
affected

17.11.1
affected

17.11.1a
affected

17.12.1
affected

17.12.1w
affected

17.12.1a
affected

17.12.1x
affected

17.12.2
affected

17.12.3
affected

17.12.2a
affected

17.12.1y
affected

17.12.1z
affected

17.12.4
affected

17.12.3a
affected

17.12.1z1
affected

17.12.1z2
affected

17.12.4a
affected

17.12.5
affected

17.12.4b
affected

17.12.1z3
affected

17.12.5a
affected

17.12.1z4
affected

17.12.5b
affected

17.12.5c
affected

17.13.1
affected

17.13.1a
affected

17.14.1
affected

17.14.1a
affected

17.11.99SW
affected

17.15.1
affected

17.15.1w
affected

17.15.1a
affected

17.15.2
affected

17.15.1b
affected

17.15.1x
affected

17.15.1z
affected

17.15.3
affected

17.15.2c
affected

17.15.2a
affected

17.15.1y
affected

17.15.2b
affected

17.15.3a
affected

17.15.3b
affected

References

sec.cloudapps.cisco.com/...sory/cisco-sa-ios-tacacs-hdB7thJw (cisco-sa-ios-tacacs-hdB7thJw)

cve.org (CVE-2025-20160)

nvd.nist.gov (CVE-2025-20160)
