Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20127

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-14 Aug, 2025 | 16:28
Updated At-14 Aug, 2025 | 19:21
Rejected At-
Credits

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 3100 and 4200 Series TLS Cipher Denial of Service Vulnerability

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests. This vulnerability is due to the implementation of the TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. An attacker could exploit this vulnerability by sending a large number of TLS 1.3 connections with the specific TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. A successful exploit could allow the attacker to cause a denial of service (DoS) condition where no new incoming encrypted connections are accepted. The device must be reloaded to clear this condition. Note: These incoming TLS 1.3 connections include both data traffic and user-management traffic. After the device is in the vulnerable state, no new encrypted connections can be accepted.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:14 Aug, 2025 | 16:28
Updated At:14 Aug, 2025 | 19:21
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 3100 and 4200 Series TLS Cipher Denial of Service Vulnerability

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests. This vulnerability is due to the implementation of the TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. An attacker could exploit this vulnerability by sending a large number of TLS 1.3 connections with the specific TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. A successful exploit could allow the attacker to cause a denial of service (DoS) condition where no new incoming encrypted connections are accepted. The device must be reloaded to clear this condition. Note: These incoming TLS 1.3 connections include both data traffic and user-management traffic. After the device is in the vulnerable state, no new encrypted connections can be accepted.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Adaptive Security Appliance (ASA) Software
Default Status
unknown
Versions
Affected
  • 9.20.1
  • 9.20.1.5
  • 9.20.2
  • 9.20.2.10
  • 9.20.2.21
  • 9.20.2.22
  • 9.20.3
  • 9.22.1.1
  • 9.20.3.4
  • 9.20.3.7
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Firepower Threat Defense Software
Default Status
unknown
Versions
Affected
  • 7.4.0
  • 7.4.1
  • 7.4.1.1
  • 7.4.2
  • 7.6.0
  • 7.4.2.1
Problem Types
TypeCWE IDDescription
cweCWE-404Improper Resource Shutdown or Release
Type: cwe
CWE ID: CWE-404
Description: Improper Resource Shutdown or Release
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3100_4200_tlsdos-2yNSCd54
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3100_4200_tlsdos-2yNSCd54
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:14 Aug, 2025 | 17:15
Updated At:25 Aug, 2025 | 14:35

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests. This vulnerability is due to the implementation of the TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. An attacker could exploit this vulnerability by sending a large number of TLS 1.3 connections with the specific TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. A successful exploit could allow the attacker to cause a denial of service (DoS) condition where no new incoming encrypted connections are accepted. The device must be reloaded to clear this condition. Note: These incoming TLS 1.3 connections include both data traffic and user-management traffic. After the device is in the vulnerable state, no new encrypted connections can be accepted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CPE Matches
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>7.4.0
cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>7.4.1
cpe:2.3:a:cisco:firepower_threat_defense:7.4.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>7.4.1.1
cpe:2.3:a:cisco:firepower_threat_defense:7.4.1.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>7.4.2
cpe:2.3:a:cisco:firepower_threat_defense:7.4.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>7.4.2.1
cpe:2.3:a:cisco:firepower_threat_defense:7.4.2.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>7.6.0
cpe:2.3:a:cisco:firepower_threat_defense:7.6.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3105>>-
cpe:2.3:h:cisco:secure_firewall_3105:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3110>>-
cpe:2.3:h:cisco:secure_firewall_3110:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3120>>-
cpe:2.3:h:cisco:secure_firewall_3120:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3130>>-
cpe:2.3:h:cisco:secure_firewall_3130:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3140>>-
cpe:2.3:h:cisco:secure_firewall_3140:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_4215>>-
cpe:2.3:h:cisco:secure_firewall_4215:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_4225>>-
cpe:2.3:h:cisco:secure_firewall_4225:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_4245>>-
cpe:2.3:h:cisco:secure_firewall_4245:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.1.5
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.1.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.2
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.2.10
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.10:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.2.21
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.21:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.2.22
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.22:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.3
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.3.4
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.3.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.20.3.7
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.3.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>9.22.1.1
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.22.1.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3105>>-
cpe:2.3:h:cisco:secure_firewall_3105:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3110>>-
cpe:2.3:h:cisco:secure_firewall_3110:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3120>>-
cpe:2.3:h:cisco:secure_firewall_3120:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3130>>-
cpe:2.3:h:cisco:secure_firewall_3130:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_3140>>-
cpe:2.3:h:cisco:secure_firewall_3140:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_4215>>-
cpe:2.3:h:cisco:secure_firewall_4215:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_4225>>-
cpe:2.3:h:cisco:secure_firewall_4225:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>secure_firewall_4245>>-
cpe:2.3:h:cisco:secure_firewall_4245:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-404Primarypsirt@cisco.com
CWE ID: CWE-404
Type: Primary
Source: psirt@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3100_4200_tlsdos-2yNSCd54psirt@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3100_4200_tlsdos-2yNSCd54
Source: psirt@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

43Records found
CVE-2023-20200
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.40% / 60.16%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 18:20
Updated-01 Jul, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300firepower_4112ucs_6324_fabric_interconnectucs_6332-16up_fabric_interconnectucs_6324_fabric_interconnect_firmwareucs_6332_fabric_interconnectucs_6332_fabric_interconnect_firmwareucs_6332-16up_fabric_interconnect_firmwarefirepower_4145firepower_4112_firmwarefirepower_9300_firmwarefirepower_4115firepower_4125firepower_4143_firmwarefirepower_4125_firmwareCisco Unified Computing System (Managed)Cisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-20268
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.37% / 58.24%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:06
Updated-01 Aug, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to insufficient input validation of SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device using IPv4 or IPv6. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects all versions of SNMP (versions 1, 2c, and 3) and requires a valid SNMP community string or valid SNMPv3 user credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-231
Improper Handling of Extra Values
CVE-2024-20408
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.08% / 25.42%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:37
Updated-01 Aug, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly. To exploit this vulnerability, an attacker would need valid remote access VPN user credentials on the affected device. This vulnerability is due to improper validation of data in HTTPS POST requests. An attacker could exploit this vulnerability by sending a crafted HTTPS POST request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2018-0209
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.67% / 70.39%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-sf500-48psg500x-24sf500-48sg500x-24psf500-24mpsg500-52sg500-28mppsf500-24psg500-52psf500-24sg500-52mpsg500x-48psg500x-48mpsg500-28sg500x-48sg500xg-8f8tsg500-28psf500-48mpsmall_business_500_series_stackable_managed_switches_firmwaresg500x-24mppCisco 550X Series Stackable Managed Switches
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1623
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.31% / 53.56%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:25
Updated-07 Nov, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability is due to the punt path being overwhelmed by large quantities of SNMP requests. An attacker could exploit this vulnerability by sending a large number of SNMP requests to an affected device. A successful exploit could allow the attacker to overload the device punt path, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecbr-8Cisco IOS XE Software
CWE ID-CWE-399
Not Available
CVE-2021-1422
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.43% / 61.54%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 12:25
Updated-07 Nov, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_2140firepower_2120ftd_virtualadaptive_security_appliance_softwarefirepower_2130firepower_2100firepower_2110firepower_threat_defenseadaptive_security_virtual_applianceCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-617
Reachable Assertion
CVE-2021-1620
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.40% / 59.63%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:31
Updated-07 Nov, 2024 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-24ps-scatalyst_3850catalyst_3650catalyst_3650-12x48urcatalyst_3850-16xs-scatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_9300-48un-e4331_integrated_services_router4461_integrated_services_routercatalyst_9300-48p-acatalyst_9300-24s-acatalyst_9300l-48t-4x-acatalyst_3650-24pdmcatalyst_3650-8x24pd-scatalyst_3850-48u-lcatalyst_3650-48ts-lcatalyst_9800-80_wireless_controllercatalyst_3650-8x24uq-less-3300-ncp-acatalyst_8300-1n1s-6tcatalyst_3650-24pd-lcatalyst_3650-24td-lcatalyst_3650-24pd-scatalyst_3650-24ts-lcatalyst_9300l-24t-4g-ec9500-24qcatalyst_3850-48xscatalyst_3650-12x48uqcatalyst_9800-clcatalyst_9300-48p-ecatalyst_3650-8x24pd-ecatalyst_9300-48t-ecatalyst_3850-24xu-easr_1002_fixed_routercatalyst_3650-12x48uq-ec9500-32cess-3300-24t-con-ecatalyst_3650-8x24uqcatalyst_9600catalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_8510msrisrvcatalyst_3650-24pdm-scatalyst_3850-24xucatalyst_9300-48uxm-ecatalyst_3650-12x48ur-e1109_integrated_services_routercatalyst_9400c9500-40xcatalyst_3650-48fqm-scatalyst_3850-48t-lcatalyst_3650-12x48fd-s1111x_integrated_services_routercatalyst_9600_supervisor_engine-1ess-3300-24t-con-acatalyst_3650-12x48uq-lcatalyst_9800-40catalyst_9300l-48p-4x-acatalyst_9800catalyst_3650-8x24uq-scatalyst_3650-48tq-lcatalyst_9300-48u-a1100-4p_integrated_services_routercatalyst_ess9300catalyst_3650-48fq-scatalyst_ie3200_rugged_switchcatalyst_3850-48t-ecatalyst_cg522-ecatalyst_3650-48pq-s1101_integrated_services_routercatalyst_3650-48fqm-less-3300-24t-ncp-acatalyst_3850-12s-scatalyst_3850-24u-s1100_integrated_services_routercatalyst_9300l-24t-4x-ecatalyst_9800-40_wireless_controllerasr_1002-hx_rcatalyst_3650-12x48uz-sasr_1006-xcatalyst_9300l-24p-4g-aess-3300-24t-ncp-ecatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_3850-32xs-scatalyst_9500catalyst_3650-12x48fd-e4221_integrated_services_routercatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_ie3400_heavy_duty_switchcatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_9300-48s-ecatalyst_3650-48td-easr_1002-xcatalyst_9300l8800_18-slotcatalyst_3650-12x48uq-scatalyst_3650-12x48uz-ecatalyst_ie3400_rugged_switch4451-x_integrated_services_routerc9500-32qccatalyst_3650-12x48ur-scatalyst_3850-48p-scatalyst_8510csrasr_1002-hx1109-2p_integrated_services_routerasr_1000-esp100catalyst_9300-48t-acatalyst_3850-12s-ecatalyst_8500catalyst_3850-24t-ecatalyst_3650-24ts-scatalyst_3650-24ps-e4321_integrated_services_routercatalyst_3850-24xs-scatalyst_8300-1n1s-4t2x8804catalyst_ie3300_rugged_switchcatalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-easr_1000csr_1000vcatalyst_3650-48ts-ecatalyst_3850-48p-lcatalyst_8300-2n2s-4t2x88081100-8p_integrated_services_routercatalyst_9410rcatalyst_3850-nm-8-10gcatalyst_3850-12xs-ecatalyst_8540csrcatalyst_3850-32xs-ecatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_3850-24p-scatalyst_3650-24pdm-lcatalyst_3850-24ucatalyst_9300l_stackasr_1000-xcatalyst_9300l-24p-4g-ecatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_3650-48td-s111x_integrated_services_routercatalyst_9800-lasr_1013catalyst_8540msrcatalyst_3650-48tq-ecatalyst_3850-nm-2-40gcbr-8catalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fs-ecatalyst_9300-24t-ecatalyst_3650-12x48uzcatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_3650-48pq-lcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_9407rcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9800_embedded_wireless_controllercatalyst_9200catalyst_9300l-48p-4g-a1160_integrated_services_routercatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_9300l-48t-4g-aasr_1000_series_route_processor_\(rp2\)asr_1000_series_route_processor_\(rp3\)catalyst_3650-48tq-scatalyst_cg418-ecatalyst_3850-48p-ecatalyst_9800-80catalyst_8300-2n2s-6tcatalyst_9300l-48p-4x-eess-3300-con-acatalyst_3650-48fd-eess-3300-ncp-ecatalyst_3650-48fq-ecatalyst_8500lcatalyst_9300-24s-ecatalyst_9300-48u-e1101-4p_integrated_services_routercatalyst_9300-48s-acatalyst_3650-12x48fd-lcatalyst_3850-24p-easr_1006catalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_3850-24xu-s4451_integrated_services_routercatalyst_3650-48fqmcatalyst_3650-48td-lcatalyst_3850-24xs-ecatalyst_9400_supervisor_engine-1ess-3300-con-ecatalyst_3650-8x24uq-ecatalyst_3850-24u-lcatalyst_9300l-24t-4g-acatalyst_3850-48f-sc9500-12qcatalyst_3650-12x48ur-l8800_8-slotasr_1001-hx_rcatalyst_3650-24pdcatalyst_9800-l-ccatalyst_3850-48f-e4000_integrated_services_router1000_integrated_services_routerc9500-16xcatalyst_9300-48uxm-aasr_102388128818c8200-1n-4tcatalyst_9300-24p-acatalyst_3650-48ps-lasr_10011100-4g\/6g_integrated_services_routeresr6300catalyst_3850-48xs-ecatalyst_9300-24u-acatalyst_3850-48ucatalyst_3650-8x24pd-lasr_1001-hxcatalyst_3650-48fqcatalyst_3650-48fq-lasr_1009-xcatalyst_9300-24u-ecatalyst_3850-12x48ucatalyst_3650-48pd-scatalyst_9300-48un-aasr_1001-x_rcatalyst_3650-24pd-ecatalyst_3650-12x48uz-lioscatalyst_9300-24p-easr_1002-x_rcatalyst_3850-48xs-f-easr_1002catalyst_9800-l-fasr_1004catalyst_9300l-48t-4x-ecatalyst_3850-24p-l1120_integrated_services_routercatalyst_3850-24xsc8200l-1n-4t8800_4-slotcatalyst_3650-48ps-s4431_integrated_services_routercatalyst_3850-24u-ecatalyst_3850-48xs-sios_xe1111x-8p_integrated_services_routerc9500-48y4c1109-4p_integrated_services_router8800_12-slotasr_1001-xcatalyst_3650-48ts-sc9500-24y4ccatalyst_3650-48ps-ecatalyst_9300-24ux-e4351_integrated_services_routerCisco IOS
CWE ID-CWE-563
Assignment to Variable without Use
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2025-20175
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.18% / 40.43%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:39
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20176
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:38
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOS
CWE ID-CWE-248
Uncaught Exception
CVE-2025-20171
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:38
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosIOSCisco IOS XE Software
CWE ID-CWE-248
Uncaught Exception
CVE-2025-20173
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:35
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosIOSCisco IOS XE Software
CWE ID-CWE-248
Uncaught Exception
CVE-2025-20174
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.18% / 40.43%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:39
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20169
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.18% / 40.43%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:40
Updated-03 Jul, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2025-20172
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:37
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. For Cisco IOS XR Software, a successful exploit could allow the attacker to cause the SNMP process to restart, resulting in an interrupted SNMP response from an affected device. Devices that are running Cisco IOS XR Software will not reload.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeios_xriosIOSCisco IOS XE SoftwareCisco IOS XR Software
CWE ID-CWE-248
Uncaught Exception
CVE-2025-20244
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.13% / 33.67%
||
7 Day CHG+0.03%
Published-14 Aug, 2025 | 16:29
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial of Service Vulnerability

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Adaptive Security Appliance (ASA) SoftwareCisco Firepower Threat Defense Software
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-20192
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.20% / 42.53%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:36
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. This vulnerability is due to improper validation of IKEv1 phase 2 parameters before the IPsec security association creation request is handed off to the hardware cryptographic accelerator of an affected device. An attacker could exploit this vulnerability by sending crafted IKEv1 messages to the affected device. A successful exploit could allow the attacker to cause the device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IOS XE Software
CWE ID-CWE-232
Improper Handling of Undefined Values
CVE-2025-20212
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.17% / 39.14%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 16:15
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device. This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Meraki MX Firmware
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2020-3235
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.29% / 51.78%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:55
Updated-15 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.

Action-Not Available
Vendor-Oracle CorporationCisco Systems, Inc.
Product-ios_xeioscatalyst_4506-ecatalyst_4507r\+ecatalyst_4503-ecatalyst_4510r\+egoldengate_management_packCisco IOS 12.2(53)SG1
CWE ID-CWE-118
Incorrect Access of Indexable Resource ('Range Error')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3232
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 57.90%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:55
Updated-15 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ASR 920 Series Aggregation Services Router Model 12SZ-IM SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeasr_920-12sz-imCisco ASR 920 Series Aggregation Services Router
CWE ID-CWE-19
Not Available
CVE-2020-3467
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.13% / 33.34%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 04:20
Updated-13 Nov, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of the configuration. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-3200
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-1.26% / 78.58%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:45
Updated-15 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS 12.2(58)SE
CWE ID-CWE-371
Not Available
CWE ID-CWE-436
Interpretation Conflict
CVE-2022-20924
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 17:30
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20679
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.80% / 73.01%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IPSec Denial of Service Vulnerability

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit could allow the attacker to cause the device to reload. To exploit this vulnerability, the attacker may need access to the trusted network where the affected device is in order to send specific packets to be processed by the device. All network devices between the attacker and the affected device must support an MTU of 1800 bytes or greater. This access requirement could limit the possibility of a successful exploit.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2025-20170
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.18% / 40.43%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:39
Updated-03 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE SoftwareIOS
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2022-20927
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.14% / 34.57%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 17:30
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_services_software_for_asafirepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) SoftwareCisco FirePOWER Services Software for ASA
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20920
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.24% / 46.21%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 20:43
Updated-01 Aug, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this vulnerability by continuously connecting to an affected device and sending specific SSH requests. A successful exploit could allow the attacker to cause the affected device to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-20808
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.56% / 67.16%
||
7 Day CHG-0.52%
Published-06 Jul, 2022 | 20:30
Updated-06 Nov, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Smart Software Manager On-Prem Denial of Service Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_software_manager_on-premCisco Smart Software Manager On-Prem
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-20692
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.36% / 57.01%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-1806
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.88% / 74.37%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 21:45
Updated-21 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sg500xg8f8tsg250-10p_firmwaresf550x-48mpsf250-24psg300-10p_firmwaresg300-52_firmwaresf500-24mp_firmwaresg250-18_firmwaresg500-52mp_firmwaresg250x-24p_firmwaresg300-52sg250x-24psg200-26sg250-18sg500-28sg500x-48sg550x-48p_firmwaresg200-50p_firmwaresg200-26_firmwaresx550x-24sf200-24_firmwaresg300-20sg500-28psf250-24p_firmwaresx550x-12fsf200-48sf350-48psf350-48sg550x-48mp_firmwaresg500x-24psf300-24_firmwaresf300-48psg500-52sf300-24mp_firmwaresg500-28mpp_firmwaresf550x-24mp_firmwaresg500-52psg350-28sg500-52_firmwaresf250-24sf550x-48p_firmwaresf300-24ppsg550x-48psg500x24mppsg250x-24_firmwaresg250-50hp_firmwaresx550x-24ft_firmwaresg300-10mpp_firmwaresg250x-24sf550x-48_firmwaresg200-50sg300-52mpsg350-10p_firmwaresf200-48p_firmwaresg200-50psf302-08p_firmwaresg350-10psg355-10psg500-52mpsx550x-16ft_firmwaresg250-50psg300-52pesw2-550x48dc_firmwaresf250-48sg250-26hpsg250x-48p_firmwaresg300-20_firmwaresf500-24p_firmwaresg500x-48mp_firmwaresf500-48sg300-10sfpsf500-24mpsg550x-24_firmwaresg250x-48_firmwaresg300-28_firmwaresf302-08psf500-24psg500-28mppsf200-24p_firmwaresg250-50p_firmwaresf302-08ppsf350-48p_firmwaresf300-48sg250-26sg300-10sfp_firmwaresg250x-48sf550x-48mp_firmwaresg350-28p_firmwaresf550x-24_firmwaresf250-48hp_firmwaresg500x24mpp_firmwaresg300-28ppsg500xg8f8t_firmwaresg300-52mp_firmwaresf500-48_firmwaresg500-28p_firmwaresg350-10mpsf550x-48psg550x-24mppsf550x-24sf500-48psf200-24psg500-52p_firmwaresf500-48p_firmwaresg300-28mpsf302-08mp_firmwaresf350-48mp_firmwaresf250-24_firmwaresg350-28mpsf302-08sg350-28mp_firmwaresg300-28pp_firmwaresf200-24sx550x-24fsg500x-48psg250-26_firmwaresg350-10mp_firmwaresf302-08mpp_firmwaresg500x-48p_firmwaresg355-10p_firmwaresg550x-24mp_firmwaresg200-18_firmwaresg300-10psg300-52p_firmwaresf500-48mpsf300-48ppsg500x-24_firmwareesw2-550x48dcsg550x-48_firmwaresf550x-24p_firmwaresg300-10mp_firmwaresf302-08_firmwaresg300-10mpsg550x-24sf300-08sg300-10ppsg250-50_firmwaresf350-48_firmwaresg250-10psx550x-24f_firmwaresg250-08sg350-28psg250-26hp_firmwareesw2-350g52dc_firmwaresg200-26p_firmwaresf550x-48sg300-28sx550x-52_firmwaresg350-28_firmwaresg300-10_firmwaresg250-08hpsg350-10sg550x-24mpsg500x-24sf300-24p_firmwaresx550x-16ftsg550x-48mpsg350-10_firmwaresx550x-24ftsx550x-52sg250x-48psg500x-24p_firmwaresg250-26psg300-10pp_firmwaresf500-24sg300-10sf550x-24psf300-48p_firmwaresf350-48mpsg250-50sg300-10mppsg550x-24p_firmwaresg300-28psf300-24sg200-26psf200-48psf300-24psg550x-24psg300-28sfpsf302-08mppsf302-08mpsg550x-48sf300-48pp_firmwaresf250-48_firmwaresg250-08_firmwaresf300-24mpsg300-28mp_firmwareesw2-350g52dcsf550x-24mpsx550x-12f_firmwaresf302-08pp_firmwaresg250-50hpsg550x-24mpp_firmwaresf250-48hpsg200-18sg200-50_firmwaresg500x-48_firmwaresg500x-48mpsf300-08_firmwaresg250-26p_firmwaresf200-48_firmwaresx550x-24_firmwaresg300-28sfp_firmwaresg500-28_firmwaresf500-24_firmwaresg250-08hp_firmwaresf500-48mp_firmwaresf300-48_firmwaresf300-24pp_firmwaresg300-28p_firmwareCisco 550X Series Stackable Managed Switches
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-34699
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.79% / 72.84%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:25
Updated-18 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS
CWE ID-CWE-435
Improper Interaction Between Multiple Correctly-Behaving Entities
CWE ID-CWE-436
Interpretation Conflict
CVE-2019-1965
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-1.05% / 76.61%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 18:55
Updated-21 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability

A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_56128pucs_6332-16upucs-6296upnx-osnexus_3636c-rn9k-c9236c7000_10-slotnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004nexus_7700_supervisor_3en9k-c9504-fm-rmds_9506n7k-f248xp-25en9k-x96136yc-rmds_9250in9k-c93180yc-exn77-f324fq-25n9k-x9636q-rnexus_5020nexus_7700_supervisor_2e7700_2-slotx9636q-rnexus_5548pnexus_5648qmds_9718n9k-c9272qn9k-x9732c-exn7k-f306ck-25mds_9148smds_9513nexus_36180yc-rmds_9148tnexus_5672upn77-f312ck-26mds_9132tn7k-m348xp-25lmds_95097000_4-slotn9k-x9636c-rxn9k-x9736c-fxmds_9706nexus_5596upmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xln7k-m206fq-23lmds_9216anexus_5696qx96136yc-rn77-f348xp-23ucs_6248up7000_18-slotn77-m324fq-25lnexus_3048nexus_6001n7k-m202cf-22ln9k-c9508-fm-rucs_6324n9k-c93180yc-fxn7k-f312fq-25mds_9396t7000_9-slotmds_9396sx9636c-rucs_6332n77-m312cq-26lnexus_5548upn7k-m324fq-25lmds_9222inexus_5010nexus_7000_supervisor_2ex9636c-rx7700_10-slotn77-f430cq-36n77-m348xp-23lmds_9216i7700_18-slotnexus_5596tn9k-c92160yc-xnexus_5624qmds_9710n9k-c93180lc-exn9k-x9636c-rn7k-m224xp-23lnexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-15966
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.85% / 73.97%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 19:05
Updated-21 Nov, 2024 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_advanced_media_gatewayCisco TelePresence Advanced Media Gateway
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20042
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 41.49%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 17:11
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-3338
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.31% / 78.97%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 15:40
Updated-13 Nov, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software IPv6 Protocol Independent Multicast Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_7000nexus_92300ycnexus_3064nexus_3232cnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software 5.2(1)
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2017-6627
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-10.89% / 93.11%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 21:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xeCisco IOS and Cisco IOS XEIOS and IOS XE Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-3555
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.60% / 68.35%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:41
Updated-13 Nov, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Denial of Service Vulnerability

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. An attacker could exploit this vulnerability by sending a high rate of crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a watchdog timeout and crash, resulting in a crash and reload of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliancefirepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-1708
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:10
Updated-19 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5506w-xasa-5506-xasa_5545-xadaptive_security_appliance_softwareasa_5516-xasa_5506h-xasa-5525-xasa_5508-xasa-5555-xfirepower_threat_defenseCisco Firepower Threat Defense (FTD) SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-40122
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.38% / 58.38%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 02:50
Updated-07 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Meeting Server Call Bridge Denial of Service Vulnerability

A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meeting_serverCisco Meeting Server
CWE ID-CWE-399
Not Available
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-1706
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.54% / 66.71%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:10
Updated-19 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa-5545-xasa-5506-xasa-5516-xasa-5506h-xasa-5506w-xadaptive_security_appliance_softwareasa-5508-xasa-5525-xasa-5555-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-1705
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 66.01%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:10
Updated-19 Nov, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software VPN Denial of Service Vulnerability

A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5506w-xasa_5506-xasa_5545-xadaptive_security_appliance_softwareasa_5516-xasa_5555-xasa_5525-xasa_5506h-xasa_5508-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-15262
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.93% / 85.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-19 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly opening SSH connections to an affected device. A successful exploit could allow the attacker to exhaust system resources by initiating multiple SSH connections to the device that are not effectively terminated, which could result in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-5520_wireless_lan_controller_firmware5520_wireless_lan_controller5508_wireless_lan_controller_firmware5508_wireless_lan_controllerCisco Wireless LAN Controller (WLC)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-12625
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.17%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 18:15
Updated-19 Nov, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV Zip Bomb Vulnerability

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-26070
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 02:05
Updated-13 Nov, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability

A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition. The device would need to be restarted to regain functionality.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_9000vasr_9910asr_9906asr_9904asr_9006asr_9903asr_9912asr_9010asr_9922asr_9001ios_xrasr_9901Cisco IOS XR Software
CWE ID-CWE-404
Improper Resource Shutdown or Release
Details not found