CVE-2025-20149
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-09-26
Assigner: Cisco Systems, Inc.
Description
Description
A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xe | * |
| cisco | ios | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the CLI of Cisco IOS and IOS XE Software. It allows an authenticated local attacker with low privileges to use specially crafted commands at the CLI prompt to cause the device to reload unexpectedly.
How can this vulnerability impact me? :
Exploiting this vulnerability can cause the affected Cisco device to reload unexpectedly, resulting in a denial of service (DoS) condition that disrupts network availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70