CVE-2025-20200 | THREATINT

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system of an affected device. The security impact rating (SIR) of this advisory has been raised to High because an attacker could gain access to the underlying operating system of the affected device and perform potentially undetected actions. Note: The attacker must have privileges to enter configuration mode on the affected device. This is usually referred to as privilege level 15.

PUBLISHED Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-08 | Assigner cisco

MEDIUM: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N

Problem types

Improper Check for Unusual or Exceptional Conditions

Product status

3.7.0S

affected

3.7.1S

affected

3.7.2S

affected

3.7.3S

affected

3.7.4S

affected

3.7.5S

affected

3.7.6S

affected

3.7.7S

affected

3.7.4aS

affected

3.7.2tS

affected

3.7.0bS

affected

3.7.1aS

affected

3.3.0SG

affected

3.3.2SG

affected

3.3.1SG

affected

3.8.0S

affected

3.8.1S

affected

3.8.2S

affected

3.9.1S

affected

3.9.0S

affected

3.9.2S

affected

3.9.1aS

affected

3.9.0aS

affected

3.2.0SE

affected

3.2.1SE

affected

3.2.2SE

affected

3.2.3SE

affected

3.3.0SE

affected

3.3.1SE

affected

3.3.2SE

affected

3.3.3SE

affected

3.3.4SE

affected

3.3.5SE

affected

3.4.0SG

affected

3.4.2SG

affected

3.4.1SG

affected

3.4.3SG

affected

3.4.4SG

affected

3.4.5SG

affected

3.4.6SG

affected

3.4.7SG

affected

3.4.8SG

affected

3.5.0E

affected

3.5.1E

affected

3.5.2E

affected

3.5.3E

affected

3.11.1S

affected

3.11.2S

affected

3.11.0S

affected

3.11.3S

affected

3.11.4S

affected

3.12.0S

affected

3.12.1S

affected

3.12.2S

affected

3.12.3S

affected

3.12.0aS

affected

3.12.4S

affected

3.13.0S

affected

3.13.1S

affected

3.13.2S

affected

3.13.3S

affected

3.13.4S

affected

3.13.5S

affected

3.13.2aS

affected

3.13.0aS

affected

3.13.5aS

affected

3.13.6S

affected

3.13.7S

affected

3.13.6aS

affected

3.13.7aS

affected

3.13.8S

affected

3.13.9S

affected

3.13.10S

affected

3.6.0E

affected

3.6.1E

affected

3.6.2aE

affected

3.6.2E

affected

3.6.3E

affected

3.6.4E

affected

3.6.5E

affected

3.6.6E

affected

3.6.5aE

affected

3.6.5bE

affected

3.6.7E

affected

3.6.8E

affected

3.6.7bE

affected

3.6.9E

affected

3.6.10E

affected

3.14.0S

affected

3.14.1S

affected

3.14.2S

affected

3.14.3S

affected

3.14.4S

affected

3.15.0S

affected

3.15.1S

affected

3.15.2S

affected

3.15.1cS

affected

3.15.3S

affected

3.15.4S

affected

3.7.0E

affected

3.7.1E

affected

3.7.2E

affected

3.7.3E

affected

3.7.4E

affected

3.7.5E

affected

3.16.0S

affected

3.16.1S

affected

3.16.1aS

affected

3.16.2S

affected

3.16.2aS

affected

3.16.0cS

affected

3.16.3S

affected

3.16.2bS

affected

3.16.3aS

affected

3.16.4S

affected

3.16.4aS

affected

3.16.4bS

affected

3.16.5S

affected

3.16.4dS

affected

3.16.6S

affected

3.16.7S

affected

3.16.6bS

affected

3.16.7aS

affected

3.16.7bS

affected

3.16.8S

affected

3.16.9S

affected

3.16.10S

affected

3.17.0S

affected

3.17.1S

affected

3.17.2S

affected

3.17.1aS

affected

3.17.3S

affected

3.17.4S

affected

16.1.1

affected

16.1.2

affected

16.1.3

affected

16.2.1

affected

16.2.2

affected

3.8.0E

affected

3.8.1E

affected

3.8.2E

affected

3.8.3E

affected

3.8.4E

affected

3.8.5E

affected

3.8.5aE

affected

3.8.6E

affected

3.8.7E

affected

3.8.8E

affected

3.8.9E

affected

3.8.10E

affected

16.3.1

affected

16.3.2

affected

16.3.3

affected

16.3.1a

affected

16.3.4

affected

16.3.5

affected

16.3.5b

affected

16.3.6

affected

16.3.7

affected

16.3.8

affected

16.3.9

affected

16.3.10

affected

16.3.11

affected

16.4.1

affected

16.4.2

affected

16.4.3

affected

16.5.1

affected

16.5.1a

affected

16.5.1b

affected

16.5.2

affected

16.5.3

affected

3.18.0aS

affected

3.18.0S

affected

3.18.1S

affected

3.18.2S

affected

3.18.3S

affected

3.18.4S

affected

3.18.0SP

affected

3.18.1SP

affected

3.18.1aSP

affected

3.18.1bSP

affected

3.18.1cSP

affected

3.18.2SP

affected

3.18.2aSP

affected

3.18.3SP

affected

3.18.4SP

affected

3.18.3aSP

affected

3.18.3bSP

affected

3.18.5SP

affected

3.18.6SP

affected

3.18.7SP

affected

3.18.8aSP

affected

3.18.9SP

affected

3.9.0E

affected

3.9.1E

affected

3.9.2E

affected

16.6.1

affected

16.6.2

affected

16.6.3

affected

16.6.4

affected

16.6.5

affected

16.6.4a

affected

16.6.5a

affected

16.6.6

affected

16.6.7

affected

16.6.8

affected

16.6.9

affected

16.6.10

affected

16.7.1

affected

16.7.1a

affected

16.7.1b

affected

16.7.2

affected

16.7.3

affected

16.7.4

affected

16.8.1

affected

16.8.1a

affected

16.8.1b

affected

16.8.1s

affected

16.8.1c

affected

16.8.1d

affected

16.8.2

affected

16.8.1e

affected

16.8.3

affected

16.9.1

affected

16.9.2

affected

16.9.1a

affected

16.9.1b

affected

16.9.1s

affected

16.9.3

affected

16.9.4

affected

16.9.3a

affected

16.9.5

affected

16.9.5f

affected

16.9.6

affected

16.9.7

affected

16.9.8

affected

16.10.1

affected

16.10.1a

affected

16.10.1b

affected

16.10.1s

affected

16.10.1c

affected

16.10.1e

affected

16.10.1d

affected

16.10.2

affected

16.10.1f

affected

16.10.1g

affected

16.10.3

affected

3.10.0E

affected

3.10.1E

affected

3.10.0cE

affected

3.10.2E

affected

3.10.3E

affected

16.11.1

affected

16.11.1a

affected

16.11.1b

affected

16.11.2

affected

16.11.1s

affected

16.12.1

affected

16.12.1s

affected

16.12.1a

affected

16.12.1c

affected

16.12.1w

affected

16.12.2

affected

16.12.1y

affected

16.12.2a

affected

16.12.3

affected

16.12.8

affected

16.12.2s

affected

16.12.1x

affected

16.12.1t

affected

16.12.4

affected

16.12.3s

affected

16.12.3a

affected

16.12.4a

affected

16.12.5

affected

16.12.6

affected

16.12.1z1

affected

16.12.5a

affected

16.12.5b

affected

16.12.1z2

affected

16.12.6a

affected

16.12.7

affected

16.12.9

affected

16.12.10

affected

16.12.10a

affected

16.12.11

affected

16.12.12

affected

3.11.0E

affected

3.11.1E

affected

3.11.2E

affected

3.11.3E

affected

3.11.1aE

affected

3.11.4E

affected

3.11.3aE

affected

3.11.5E

affected

3.11.6E

affected

3.11.7E

affected

3.11.8E

affected

3.11.9E

affected

3.11.10E

affected

3.11.11E

affected

17.1.1

affected

17.1.1a

affected

17.1.1s

affected

17.1.1t

affected

17.1.3

affected

17.2.1

affected

17.2.1r

affected

17.2.1a

affected

17.2.1v

affected

17.2.2

affected

17.2.3

affected

17.3.1

affected

17.3.2

affected

17.3.3

affected

17.3.1a

affected

17.3.1w

affected

17.3.2a

affected

17.3.1x

affected

17.3.1z

affected

17.3.4

affected

17.3.5

affected

17.3.4a

affected

17.3.6

affected

17.3.4b

affected

17.3.4c

affected

17.3.5a

affected

17.3.5b

affected

17.3.7

affected

17.3.8

affected

17.3.8a

affected

17.4.1

affected

17.4.2

affected

17.4.1a

affected

17.4.1b

affected

17.4.2a

affected

17.5.1

affected

17.5.1a

affected

17.6.1

affected

17.6.2

affected

17.6.1w

affected

17.6.1a

affected

17.6.1x

affected

17.6.3

affected

17.6.1y

affected

17.6.1z

affected

17.6.3a

affected

17.6.4

affected

17.6.1z1

affected

17.6.5

affected

17.6.6

affected

17.6.6a

affected

17.6.5a

affected

17.6.7

affected

17.6.8

affected

17.6.8a

affected

17.7.1

affected

17.7.1a

affected

17.7.1b

affected

17.7.2

affected

17.10.1

affected

17.10.1a

affected

17.10.1b

affected

17.8.1

affected

17.8.1a

affected

17.9.1

affected

17.9.1w

affected

17.9.2

affected

17.9.1a

affected

17.9.1x

affected

17.9.1y

affected

17.9.3

affected

17.9.2a

affected

17.9.1x1

affected

17.9.3a

affected

17.9.4

affected

17.9.1y1

affected

17.9.5

affected

17.9.4a

affected

17.9.5a

affected

17.9.5b

affected

17.9.6

affected

17.9.6a

affected

17.9.5e

affected

17.9.5f

affected

17.11.1

affected

17.11.1a

affected

17.12.1

affected

17.12.1w

affected

17.12.1a

affected

17.12.1x

affected

17.12.2

affected

17.12.3

affected

17.12.2a

affected

17.12.1y

affected

17.12.1z

affected

17.12.4

affected

17.12.3a

affected

17.12.1z1

affected

17.12.4a

affected

17.12.4b

affected

17.13.1

affected

17.13.1a

affected

17.14.1

affected

17.14.1a

affected

17.11.99SW

affected

17.15.1

affected

17.15.1w

affected

17.15.1a

affected

17.15.1b

affected

References

sec.cloudapps.cisco.com/...y/cisco-sa-iosxe-privesc-su7scvdp (cisco-sa-iosxe-privesc-su7scvdp)

cve.org (CVE-2025-20200)

nvd.nist.gov (CVE-2025-20200)

Download JSON