CVE-2025-20327
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-09-26
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web UI of Cisco IOS Software and allows an authenticated remote attacker with low privileges to cause a denial of service (DoS) on the device. It is caused by improper input validation, where an attacker can send a specially crafted URL in an HTTP request to trigger the issue. Successfully exploiting this vulnerability causes the affected device to reload, resulting in a DoS condition.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service condition on the affected Cisco IOS device. An attacker with low privileges who is authenticated can cause the device to reload unexpectedly, disrupting network services and potentially causing downtime.