admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-05 17:00:34 +00:00
parent f6d596db9b
commit 69ab4d4081
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 58251 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
2025/20xxx/CVE-2025-20124.json
View File

@ -1,17 +1,237 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device.\r\n\r\nThis vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges.\r\nNote: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "2.7.0 p8"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
}
]
}
},
{
"product_name": "Cisco ISE Passive Identity Connector",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multivuls-FTW9AOXF",
"discovery": "EXTERNAL",
"defects": [
"CSCwk14916"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

228
2025/20xxx/CVE-2025-20125.json
View File

@ -1,17 +1,237 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node.\r\n\r\nThis vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device.\r\nNote: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "2.7.0 p8"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
}
]
}
},
{
"product_name": "Cisco ISE Passive Identity Connector",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF"
}
]
},
"source": {
"advisory": "cisco-sa-ise-multivuls-FTW9AOXF",
"discovery": "EXTERNAL",
"defects": [
"CSCwk14901"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
}
]
}

13668
2025/20xxx/CVE-2025-20169.json
View File

File diff suppressed because it is too large Load Diff

13667
2025/20xxx/CVE-2025-20170.json
View File

File diff suppressed because it is too large Load Diff

6403
2025/20xxx/CVE-2025-20171.json
View File

File diff suppressed because it is too large Load Diff

4703
2025/20xxx/CVE-2025-20172.json
View File

File diff suppressed because it is too large Load Diff

5731
2025/20xxx/CVE-2025-20173.json
View File

File diff suppressed because it is too large Load Diff

1999
2025/20xxx/CVE-2025-20174.json
View File

File diff suppressed because it is too large Load Diff

5479
2025/20xxx/CVE-2025-20175.json
View File

File diff suppressed because it is too large Load Diff

3651
2025/20xxx/CVE-2025-20176.json
View File

File diff suppressed because it is too large Load Diff

405
2025/20xxx/CVE-2025-20179.json
View File

@ -1,17 +1,414 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20179",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X8.11.2"
},
{
"version_affected": "=",
"version_value": "X8.6"
},
{
"version_affected": "=",
"version_value": "X8.11.3"
},
{
"version_affected": "=",
"version_value": "X8.2.2"
},
{
"version_affected": "=",
"version_value": "X8.8.3"
},
{
"version_affected": "=",
"version_value": "X8.11.0"
},
{
"version_affected": "=",
"version_value": "X12.5.2"
},
{
"version_affected": "=",
"version_value": "X8.1.1"
},
{
"version_affected": "=",
"version_value": "X8.9"
},
{
"version_affected": "=",
"version_value": "X12.5.1"
},
{
"version_affected": "=",
"version_value": "X12.5.6"
},
{
"version_affected": "=",
"version_value": "X8.7.3"
},
{
"version_affected": "=",
"version_value": "X12.6.0"
},
{
"version_affected": "=",
"version_value": "X8.11.1"
},
{
"version_affected": "=",
"version_value": "X8.5"
},
{
"version_affected": "=",
"version_value": "X8.9.1"
},
{
"version_affected": "=",
"version_value": "X8.10.2"
},
{
"version_affected": "=",
"version_value": "X8.8.2"
},
{
"version_affected": "=",
"version_value": "X8.5.3"
},
{
"version_affected": "=",
"version_value": "X8.1"
},
{
"version_affected": "=",
"version_value": "X8.9.2"
},
{
"version_affected": "=",
"version_value": "X8.11.4"
},
{
"version_affected": "=",
"version_value": "X12.5.4"
},
{
"version_affected": "=",
"version_value": "X8.8.1"
},
{
"version_affected": "=",
"version_value": "X8.2.1"
},
{
"version_affected": "=",
"version_value": "X8.5.1"
},
{
"version_affected": "=",
"version_value": "X8.6.1"
},
{
"version_affected": "=",
"version_value": "X8.1.2"
},
{
"version_affected": "=",
"version_value": "X8.8"
},
{
"version_affected": "=",
"version_value": "X8.10.0"
},
{
"version_affected": "=",
"version_value": "X12.5.3"
},
{
"version_affected": "=",
"version_value": "X8.10.1"
},
{
"version_affected": "=",
"version_value": "X12.5.7"
},
{
"version_affected": "=",
"version_value": "X8.10.3"
},
{
"version_affected": "=",
"version_value": "X8.7.1"
},
{
"version_affected": "=",
"version_value": "X8.2"
},
{
"version_affected": "=",
"version_value": "X12.5.8"
},
{
"version_affected": "=",
"version_value": "X8.7"
},
{
"version_affected": "=",
"version_value": "X8.5.2"
},
{
"version_affected": "=",
"version_value": "X12.5.9"
},
{
"version_affected": "=",
"version_value": "X12.5.0"
},
{
"version_affected": "=",
"version_value": "X8.10.4"
},
{
"version_affected": "=",
"version_value": "X8.7.2"
},
{
"version_affected": "=",
"version_value": "X12.5.5"
},
{
"version_affected": "=",
"version_value": "X12.6.1"
},
{
"version_affected": "=",
"version_value": "X12.6.2"
},
{
"version_affected": "=",
"version_value": "X12.6.3"
},
{
"version_affected": "=",
"version_value": "X12.6.4"
},
{
"version_affected": "=",
"version_value": "X12.7.0"
},
{
"version_affected": "=",
"version_value": "X12.7.1"
},
{
"version_affected": "=",
"version_value": "X14.0.0"
},
{
"version_affected": "=",
"version_value": "X14.0.1"
},
{
"version_affected": "=",
"version_value": "X14.0.2"
},
{
"version_affected": "=",
"version_value": "X14.0.3"
},
{
"version_affected": "=",
"version_value": "X14.0.4"
},
{
"version_affected": "=",
"version_value": "X14.0.5"
},
{
"version_affected": "=",
"version_value": "X14.0.6"
},
{
"version_affected": "=",
"version_value": "X14.0.7"
},
{
"version_affected": "=",
"version_value": "X14.0.8"
},
{
"version_affected": "=",
"version_value": "X14.2.0"
},
{
"version_affected": "=",
"version_value": "X14.0.9"
},
{
"version_affected": "=",
"version_value": "X14.2.1"
},
{
"version_affected": "=",
"version_value": "X14.2.2"
},
{
"version_affected": "=",
"version_value": "X14.0.11"
},
{
"version_affected": "=",
"version_value": "X14.2.5"
},
{
"version_affected": "=",
"version_value": "X14.0.10"
},
{
"version_affected": "=",
"version_value": "X14.2.6"
},
{
"version_affected": "=",
"version_value": "X14.2.7"
},
{
"version_affected": "=",
"version_value": "X14.3.0"
},
{
"version_affected": "=",
"version_value": "X14.3.1"
},
{
"version_affected": "=",
"version_value": "X14.3.2"
},
{
"version_affected": "=",
"version_value": "X14.3.3"
},
{
"version_affected": "=",
"version_value": "X15.0.0"
},
{
"version_affected": "=",
"version_value": "X14.3.4"
},
{
"version_affected": "=",
"version_value": "X14.3.5"
},
{
"version_affected": "=",
"version_value": "X15.0.1"
},
{
"version_affected": "=",
"version_value": "X15.0.2"
},
{
"version_affected": "=",
"version_value": "X15.0.3"
},
{
"version_affected": "=",
"version_value": "X14.3.6"
},
{
"version_affected": "=",
"version_value": "X15.2.0"
},
{
"version_affected": "=",
"version_value": "X15.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-xss-uexUZrEW",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-xss-uexUZrEW"
}
]
},
"source": {
"advisory": "cisco-sa-expressway-xss-uexUZrEW",
"discovery": "EXTERNAL",
"defects": [
"CSCwn01191"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

240
2025/20xxx/CVE-2025-20180.json
View File

@ -1,17 +1,249 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14.0.0-698"
},
{
"version_affected": "=",
"version_value": "13.5.1-277"
},
{
"version_affected": "=",
"version_value": "13.0.0-392"
},
{
"version_affected": "=",
"version_value": "14.2.0-620"
},
{
"version_affected": "=",
"version_value": "13.0.5-007"
},
{
"version_affected": "=",
"version_value": "13.5.4-038"
},
{
"version_affected": "=",
"version_value": "14.2.1-020"
},
{
"version_affected": "=",
"version_value": "14.3.0-032"
},
{
"version_affected": "=",
"version_value": "15.0.0-104"
},
{
"version_affected": "=",
"version_value": "15.0.1-030"
},
{
"version_affected": "=",
"version_value": "15.5.0-048"
},
{
"version_affected": "=",
"version_value": "15.5.1-055"
},
{
"version_affected": "=",
"version_value": "15.5.2-018"
},
{
"version_affected": "=",
"version_value": "16.0.0-050"
},
{
"version_affected": "=",
"version_value": "15.0.3-002"
},
{
"version_affected": "=",
"version_value": "16.0.0-054"
}
]
}
},
{
"product_name": "Cisco Secure Email and Web Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.6.2-023"
},
{
"version_affected": "=",
"version_value": "13.6.2-078"
},
{
"version_affected": "=",
"version_value": "13.0.0-249"
},
{
"version_affected": "=",
"version_value": "13.0.0-277"
},
{
"version_affected": "=",
"version_value": "13.8.1-052"
},
{
"version_affected": "=",
"version_value": "13.8.1-068"
},
{
"version_affected": "=",
"version_value": "13.8.1-074"
},
{
"version_affected": "=",
"version_value": "14.0.0-404"
},
{
"version_affected": "=",
"version_value": "12.8.1-002"
},
{
"version_affected": "=",
"version_value": "14.1.0-227"
},
{
"version_affected": "=",
"version_value": "13.6.1-201"
},
{
"version_affected": "=",
"version_value": "14.2.0-203"
},
{
"version_affected": "=",
"version_value": "14.2.0-212"
},
{
"version_affected": "=",
"version_value": "12.8.1-021"
},
{
"version_affected": "=",
"version_value": "13.8.1-108"
},
{
"version_affected": "=",
"version_value": "14.2.0-224"
},
{
"version_affected": "=",
"version_value": "14.3.0-120"
},
{
"version_affected": "=",
"version_value": "15.0.0-334"
},
{
"version_affected": "=",
"version_value": "15.5.1-024"
},
{
"version_affected": "=",
"version_value": "15.5.1-029"
},
{
"version_affected": "=",
"version_value": "15.5.2-005"
},
{
"version_affected": "=",
"version_value": "16.0.0-195"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-xss-WCk2WcuG",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-xss-WCk2WcuG"
}
]
},
"source": {
"advisory": "cisco-sa-esa-sma-xss-WCk2WcuG",
"discovery": "INTERNAL",
"defects": [
"CSCwn25954"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

285
2025/20xxx/CVE-2025-20183.json
View File

@ -1,17 +1,294 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20183",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint. \r\n\r\nThe vulnerability is due to improper handling of a crafted range request header. An attacker could exploit this vulnerability by sending an HTTP request with a crafted range request header through the affected device. A successful exploit could allow the attacker to evade the antivirus scanner and download malware onto the endpoint without detection by Cisco Secure Web Appliance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.8.0-453"
},
{
"version_affected": "=",
"version_value": "12.5.3-002"
},
{
"version_affected": "=",
"version_value": "12.0.3-007"
},
{
"version_affected": "=",
"version_value": "12.0.3-005"
},
{
"version_affected": "=",
"version_value": "14.1.0-032"
},
{
"version_affected": "=",
"version_value": "14.1.0-047"
},
{
"version_affected": "=",
"version_value": "14.1.0-041"
},
{
"version_affected": "=",
"version_value": "12.0.4-002"
},
{
"version_affected": "=",
"version_value": "14.0.2-012"
},
{
"version_affected": "=",
"version_value": "11.8.0-414"
},
{
"version_affected": "=",
"version_value": "12.0.1-268"
},
{
"version_affected": "=",
"version_value": "11.8.1-023"
},
{
"version_affected": "=",
"version_value": "11.8.3-021"
},
{
"version_affected": "=",
"version_value": "11.8.3-018"
},
{
"version_affected": "=",
"version_value": "12.5.1-011"
},
{
"version_affected": "=",
"version_value": "11.8.4-004"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
},
{
"version_affected": "=",
"version_value": "12.5.2-011"
},
{
"version_affected": "=",
"version_value": "14.5.0-498"
},
{
"version_affected": "=",
"version_value": "12.5.4-005"
},
{
"version_affected": "=",
"version_value": "12.5.4-011"
},
{
"version_affected": "=",
"version_value": "12.0.5-011"
},
{
"version_affected": "=",
"version_value": "14.0.3-014"
},
{
"version_affected": "=",
"version_value": "12.5.5-004"
},
{
"version_affected": "=",
"version_value": "12.5.5-005"
},
{
"version_affected": "=",
"version_value": "12.5.5-008"
},
{
"version_affected": "=",
"version_value": "14.0.4-005"
},
{
"version_affected": "=",
"version_value": "14.5.1-008"
},
{
"version_affected": "=",
"version_value": "14.5.1-016"
},
{
"version_affected": "=",
"version_value": "15.0.0-355"
},
{
"version_affected": "=",
"version_value": "15.0.0-322"
},
{
"version_affected": "=",
"version_value": "12.5.6-008"
},
{
"version_affected": "=",
"version_value": "15.1.0-287"
},
{
"version_affected": "=",
"version_value": "14.5.2-011"
},
{
"version_affected": "=",
"version_value": "15.2.0-116"
},
{
"version_affected": "=",
"version_value": "14.0.5-007"
},
{
"version_affected": "=",
"version_value": "15.2.0-164"
},
{
"version_affected": "=",
"version_value": "14.5.1-510"
},
{
"version_affected": "=",
"version_value": "12.0.2-012"
},
{
"version_affected": "=",
"version_value": "12.0.2-004"
},
{
"version_affected": "=",
"version_value": "14.5.1-607"
},
{
"version_affected": "=",
"version_value": "14.5.3-033"
},
{
"version_affected": "=",
"version_value": "14.5.0-673"
},
{
"version_affected": "=",
"version_value": "14.5.0-537"
},
{
"version_affected": "=",
"version_value": "12.0.1-334"
},
{
"version_affected": "=",
"version_value": "14.0.1-503"
},
{
"version_affected": "=",
"version_value": "14.0.1-053"
},
{
"version_affected": "=",
"version_value": "11.8.0-429"
},
{
"version_affected": "=",
"version_value": "14.0.1-040"
},
{
"version_affected": "=",
"version_value": "14.0.1-014"
},
{
"version_affected": "=",
"version_value": "12.5.1-043"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-range-bypass-2BsEHYSu",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-range-bypass-2BsEHYSu"
}
]
},
"source": {
"advisory": "cisco-sa-swa-range-bypass-2BsEHYSu",
"discovery": "EXTERNAL",
"defects": [
"CSCwk58287"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

360
2025/20xxx/CVE-2025-20184.json
View File

@ -1,17 +1,369 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20184",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials.\r\n\r\nThis vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14.0.0-698"
},
{
"version_affected": "=",
"version_value": "13.5.1-277"
},
{
"version_affected": "=",
"version_value": "13.0.0-392"
},
{
"version_affected": "=",
"version_value": "14.2.0-620"
},
{
"version_affected": "=",
"version_value": "13.0.5-007"
},
{
"version_affected": "=",
"version_value": "13.5.4-038"
},
{
"version_affected": "=",
"version_value": "14.2.1-020"
},
{
"version_affected": "=",
"version_value": "14.3.0-032"
},
{
"version_affected": "=",
"version_value": "15.0.0-104"
},
{
"version_affected": "=",
"version_value": "15.0.1-030"
},
{
"version_affected": "=",
"version_value": "15.5.0-048"
},
{
"version_affected": "=",
"version_value": "15.5.1-055"
},
{
"version_affected": "=",
"version_value": "15.5.2-018"
},
{
"version_affected": "=",
"version_value": "15.0.3-002"
},
{
"version_affected": "=",
"version_value": "15.5.3-022"
}
]
}
},
{
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.8.0-453"
},
{
"version_affected": "=",
"version_value": "12.5.3-002"
},
{
"version_affected": "=",
"version_value": "12.0.3-007"
},
{
"version_affected": "=",
"version_value": "12.0.3-005"
},
{
"version_affected": "=",
"version_value": "14.1.0-032"
},
{
"version_affected": "=",
"version_value": "14.1.0-047"
},
{
"version_affected": "=",
"version_value": "14.1.0-041"
},
{
"version_affected": "=",
"version_value": "12.0.4-002"
},
{
"version_affected": "=",
"version_value": "14.0.2-012"
},
{
"version_affected": "=",
"version_value": "11.8.0-414"
},
{
"version_affected": "=",
"version_value": "12.0.1-268"
},
{
"version_affected": "=",
"version_value": "11.8.1-023"
},
{
"version_affected": "=",
"version_value": "11.8.3-021"
},
{
"version_affected": "=",
"version_value": "11.8.3-018"
},
{
"version_affected": "=",
"version_value": "12.5.1-011"
},
{
"version_affected": "=",
"version_value": "11.8.4-004"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
},
{
"version_affected": "=",
"version_value": "12.5.2-011"
},
{
"version_affected": "=",
"version_value": "14.5.0-498"
},
{
"version_affected": "=",
"version_value": "12.5.4-005"
},
{
"version_affected": "=",
"version_value": "12.5.4-011"
},
{
"version_affected": "=",
"version_value": "12.0.5-011"
},
{
"version_affected": "=",
"version_value": "14.0.3-014"
},
{
"version_affected": "=",
"version_value": "12.5.5-004"
},
{
"version_affected": "=",
"version_value": "12.5.5-005"
},
{
"version_affected": "=",
"version_value": "12.5.5-008"
},
{
"version_affected": "=",
"version_value": "14.0.4-005"
},
{
"version_affected": "=",
"version_value": "14.5.1-008"
},
{
"version_affected": "=",
"version_value": "14.5.1-016"
},
{
"version_affected": "=",
"version_value": "15.0.0-355"
},
{
"version_affected": "=",
"version_value": "15.0.0-322"
},
{
"version_affected": "=",
"version_value": "12.5.6-008"
},
{
"version_affected": "=",
"version_value": "15.1.0-287"
},
{
"version_affected": "=",
"version_value": "14.5.2-011"
},
{
"version_affected": "=",
"version_value": "15.2.0-116"
},
{
"version_affected": "=",
"version_value": "14.0.5-007"
},
{
"version_affected": "=",
"version_value": "15.2.0-164"
},
{
"version_affected": "=",
"version_value": "14.5.1-510"
},
{
"version_affected": "=",
"version_value": "12.0.2-012"
},
{
"version_affected": "=",
"version_value": "12.0.2-004"
},
{
"version_affected": "=",
"version_value": "14.5.1-607"
},
{
"version_affected": "=",
"version_value": "14.5.3-033"
},
{
"version_affected": "=",
"version_value": "15.0.1-004"
},
{
"version_affected": "=",
"version_value": "15.2.1-011"
},
{
"version_affected": "=",
"version_value": "14.5.0-673"
},
{
"version_affected": "=",
"version_value": "14.5.0-537"
},
{
"version_affected": "=",
"version_value": "12.0.1-334"
},
{
"version_affected": "=",
"version_value": "14.0.1-503"
},
{
"version_affected": "=",
"version_value": "14.0.1-053"
},
{
"version_affected": "=",
"version_value": "11.8.0-429"
},
{
"version_affected": "=",
"version_value": "14.0.1-040"
},
{
"version_affected": "=",
"version_value": "14.0.1-014"
},
{
"version_affected": "=",
"version_value": "12.5.1-043"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34"
}
]
},
"source": {
"advisory": "cisco-sa-esa-sma-wsa-multi-yKUJhS34",
"discovery": "EXTERNAL",
"defects": [
"CSCwk70559"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

447
2025/20xxx/CVE-2025-20185.json
View File

@ -1,17 +1,456 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials.\r\n\r\nThis vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system.\r\nNote: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14.0.0-698"
},
{
"version_affected": "=",
"version_value": "13.5.1-277"
},
{
"version_affected": "=",
"version_value": "13.0.0-392"
},
{
"version_affected": "=",
"version_value": "14.2.0-620"
},
{
"version_affected": "=",
"version_value": "13.0.5-007"
},
{
"version_affected": "=",
"version_value": "13.5.4-038"
},
{
"version_affected": "=",
"version_value": "14.2.1-020"
},
{
"version_affected": "=",
"version_value": "14.3.0-032"
},
{
"version_affected": "=",
"version_value": "15.0.0-104"
},
{
"version_affected": "=",
"version_value": "15.0.1-030"
},
{
"version_affected": "=",
"version_value": "15.5.0-048"
},
{
"version_affected": "=",
"version_value": "15.5.1-055"
},
{
"version_affected": "=",
"version_value": "15.5.2-018"
},
{
"version_affected": "=",
"version_value": "15.0.3-002"
}
]
}
},
{
"product_name": "Cisco Secure Email and Web Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.6.2-023"
},
{
"version_affected": "=",
"version_value": "13.6.2-078"
},
{
"version_affected": "=",
"version_value": "13.0.0-249"
},
{
"version_affected": "=",
"version_value": "13.0.0-277"
},
{
"version_affected": "=",
"version_value": "13.8.1-052"
},
{
"version_affected": "=",
"version_value": "13.8.1-068"
},
{
"version_affected": "=",
"version_value": "13.8.1-074"
},
{
"version_affected": "=",
"version_value": "14.0.0-404"
},
{
"version_affected": "=",
"version_value": "12.8.1-002"
},
{
"version_affected": "=",
"version_value": "14.1.0-227"
},
{
"version_affected": "=",
"version_value": "13.6.1-201"
},
{
"version_affected": "=",
"version_value": "14.2.0-203"
},
{
"version_affected": "=",
"version_value": "14.2.0-212"
},
{
"version_affected": "=",
"version_value": "12.8.1-021"
},
{
"version_affected": "=",
"version_value": "13.8.1-108"
},
{
"version_affected": "=",
"version_value": "14.2.0-224"
},
{
"version_affected": "=",
"version_value": "14.3.0-120"
},
{
"version_affected": "=",
"version_value": "15.0.0-334"
},
{
"version_affected": "=",
"version_value": "15.5.1-024"
},
{
"version_affected": "=",
"version_value": "15.5.1-029"
},
{
"version_affected": "=",
"version_value": "15.5.2-005"
}
]
}
},
{
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.8.0-453"
},
{
"version_affected": "=",
"version_value": "12.5.3-002"
},
{
"version_affected": "=",
"version_value": "12.0.3-007"
},
{
"version_affected": "=",
"version_value": "12.0.3-005"
},
{
"version_affected": "=",
"version_value": "14.1.0-032"
},
{
"version_affected": "=",
"version_value": "14.1.0-047"
},
{
"version_affected": "=",
"version_value": "14.1.0-041"
},
{
"version_affected": "=",
"version_value": "12.0.4-002"
},
{
"version_affected": "=",
"version_value": "14.0.2-012"
},
{
"version_affected": "=",
"version_value": "11.8.0-414"
},
{
"version_affected": "=",
"version_value": "12.0.1-268"
},
{
"version_affected": "=",
"version_value": "11.8.1-023"
},
{
"version_affected": "=",
"version_value": "11.8.3-021"
},
{
"version_affected": "=",
"version_value": "11.8.3-018"
},
{
"version_affected": "=",
"version_value": "12.5.1-011"
},
{
"version_affected": "=",
"version_value": "11.8.4-004"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
},
{
"version_affected": "=",
"version_value": "12.5.2-011"
},
{
"version_affected": "=",
"version_value": "14.5.0-498"
},
{
"version_affected": "=",
"version_value": "12.5.4-005"
},
{
"version_affected": "=",
"version_value": "12.5.4-011"
},
{
"version_affected": "=",
"version_value": "12.0.5-011"
},
{
"version_affected": "=",
"version_value": "14.0.3-014"
},
{
"version_affected": "=",
"version_value": "12.5.5-004"
},
{
"version_affected": "=",
"version_value": "12.5.5-005"
},
{
"version_affected": "=",
"version_value": "12.5.5-008"
},
{
"version_affected": "=",
"version_value": "14.0.4-005"
},
{
"version_affected": "=",
"version_value": "14.5.1-008"
},
{
"version_affected": "=",
"version_value": "14.5.1-016"
},
{
"version_affected": "=",
"version_value": "15.0.0-355"
},
{
"version_affected": "=",
"version_value": "15.0.0-322"
},
{
"version_affected": "=",
"version_value": "12.5.6-008"
},
{
"version_affected": "=",
"version_value": "15.1.0-287"
},
{
"version_affected": "=",
"version_value": "14.5.2-011"
},
{
"version_affected": "=",
"version_value": "15.2.0-116"
},
{
"version_affected": "=",
"version_value": "14.0.5-007"
},
{
"version_affected": "=",
"version_value": "15.2.0-164"
},
{
"version_affected": "=",
"version_value": "14.5.1-510"
},
{
"version_affected": "=",
"version_value": "12.0.2-012"
},
{
"version_affected": "=",
"version_value": "12.0.2-004"
},
{
"version_affected": "=",
"version_value": "14.5.1-607"
},
{
"version_affected": "=",
"version_value": "14.5.3-033"
},
{
"version_affected": "=",
"version_value": "15.0.1-004"
},
{
"version_affected": "=",
"version_value": "15.2.1-011"
},
{
"version_affected": "=",
"version_value": "14.5.0-673"
},
{
"version_affected": "=",
"version_value": "14.5.0-537"
},
{
"version_affected": "=",
"version_value": "12.0.1-334"
},
{
"version_affected": "=",
"version_value": "14.0.1-503"
},
{
"version_affected": "=",
"version_value": "14.0.1-053"
},
{
"version_affected": "=",
"version_value": "11.8.0-429"
},
{
"version_affected": "=",
"version_value": "14.0.1-040"
},
{
"version_affected": "=",
"version_value": "14.0.1-014"
},
{
"version_affected": "=",
"version_value": "12.5.1-043"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34"
}
]
},
"source": {
"advisory": "cisco-sa-esa-sma-wsa-multi-yKUJhS34",
"discovery": "EXTERNAL",
"defects": [
"CSCwk70576"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 3.4,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

205
2025/20xxx/CVE-2025-20204.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. \r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.4.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG"
}
]
},
"source": {
"advisory": "cisco-sa-ise-xss-42tgsdMG",
"discovery": "EXTERNAL",
"defects": [
"CSCwj04202"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

205
2025/20xxx/CVE-2025-20205.json
View File

@ -1,17 +1,214 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. \r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 2"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 1"
},
{
"version_affected": "=",
"version_value": "3.3 Patch 3"
},
{
"version_affected": "=",
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG"
}
]
},
"source": {
"advisory": "cisco-sa-ise-xss-42tgsdMG",
"discovery": "EXTERNAL",
"defects": [
"CSCwk32089"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

419
2025/20xxx/CVE-2025-20207.json
View File

@ -1,17 +1,428 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-20207",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system.\r\n\r\nThis vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll request to the affected appliance. A successful exploit could allow the attacker to discover confidential information that should be restricted. To exploit this vulnerability, an attacker must have the configured SNMP credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14.0.0-698"
},
{
"version_affected": "=",
"version_value": "13.5.1-277"
},
{
"version_affected": "=",
"version_value": "13.0.0-392"
},
{
"version_affected": "=",
"version_value": "14.2.0-620"
},
{
"version_affected": "=",
"version_value": "13.0.5-007"
},
{
"version_affected": "=",
"version_value": "13.5.4-038"
},
{
"version_affected": "=",
"version_value": "14.2.1-020"
},
{
"version_affected": "=",
"version_value": "14.3.0-032"
},
{
"version_affected": "=",
"version_value": "15.0.0-104"
},
{
"version_affected": "=",
"version_value": "15.0.1-030"
},
{
"version_affected": "=",
"version_value": "15.5.0-048"
},
{
"version_affected": "=",
"version_value": "15.5.1-055"
}
]
}
},
{
"product_name": "Cisco Secure Email and Web Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.6.2-023"
},
{
"version_affected": "=",
"version_value": "13.6.2-078"
},
{
"version_affected": "=",
"version_value": "13.0.0-249"
},
{
"version_affected": "=",
"version_value": "13.0.0-277"
},
{
"version_affected": "=",
"version_value": "13.8.1-052"
},
{
"version_affected": "=",
"version_value": "13.8.1-068"
},
{
"version_affected": "=",
"version_value": "13.8.1-074"
},
{
"version_affected": "=",
"version_value": "14.0.0-404"
},
{
"version_affected": "=",
"version_value": "12.8.1-002"
},
{
"version_affected": "=",
"version_value": "14.1.0-227"
},
{
"version_affected": "=",
"version_value": "13.6.1-201"
},
{
"version_affected": "=",
"version_value": "14.2.0-203"
},
{
"version_affected": "=",
"version_value": "14.2.0-212"
},
{
"version_affected": "=",
"version_value": "12.8.1-021"
},
{
"version_affected": "=",
"version_value": "13.8.1-108"
},
{
"version_affected": "=",
"version_value": "14.2.0-224"
},
{
"version_affected": "=",
"version_value": "14.3.0-120"
},
{
"version_affected": "=",
"version_value": "15.0.0-334"
},
{
"version_affected": "=",
"version_value": "15.5.1-024"
},
{
"version_affected": "=",
"version_value": "15.5.1-029"
}
]
}
},
{
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.8.0-453"
},
{
"version_affected": "=",
"version_value": "12.5.3-002"
},
{
"version_affected": "=",
"version_value": "12.0.3-007"
},
{
"version_affected": "=",
"version_value": "12.0.3-005"
},
{
"version_affected": "=",
"version_value": "14.1.0-032"
},
{
"version_affected": "=",
"version_value": "14.1.0-047"
},
{
"version_affected": "=",
"version_value": "14.1.0-041"
},
{
"version_affected": "=",
"version_value": "12.0.4-002"
},
{
"version_affected": "=",
"version_value": "14.0.2-012"
},
{
"version_affected": "=",
"version_value": "11.8.0-414"
},
{
"version_affected": "=",
"version_value": "12.0.1-268"
},
{
"version_affected": "=",
"version_value": "11.8.1-023"
},
{
"version_affected": "=",
"version_value": "11.8.3-021"
},
{
"version_affected": "=",
"version_value": "11.8.3-018"
},
{
"version_affected": "=",
"version_value": "12.5.1-011"
},
{
"version_affected": "=",
"version_value": "11.8.4-004"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
},
{
"version_affected": "=",
"version_value": "12.5.2-011"
},
{
"version_affected": "=",
"version_value": "14.5.0-498"
},
{
"version_affected": "=",
"version_value": "12.5.4-005"
},
{
"version_affected": "=",
"version_value": "12.5.4-011"
},
{
"version_affected": "=",
"version_value": "12.0.5-011"
},
{
"version_affected": "=",
"version_value": "14.0.3-014"
},
{
"version_affected": "=",
"version_value": "12.5.5-004"
},
{
"version_affected": "=",
"version_value": "12.5.5-005"
},
{
"version_affected": "=",
"version_value": "12.5.5-008"
},
{
"version_affected": "=",
"version_value": "14.0.4-005"
},
{
"version_affected": "=",
"version_value": "14.5.1-008"
},
{
"version_affected": "=",
"version_value": "14.5.1-016"
},
{
"version_affected": "=",
"version_value": "15.0.0-355"
},
{
"version_affected": "=",
"version_value": "15.0.0-322"
},
{
"version_affected": "=",
"version_value": "12.5.6-008"
},
{
"version_affected": "=",
"version_value": "15.1.0-287"
},
{
"version_affected": "=",
"version_value": "14.5.2-011"
},
{
"version_affected": "=",
"version_value": "15.2.0-116"
},
{
"version_affected": "=",
"version_value": "14.0.5-007"
},
{
"version_affected": "=",
"version_value": "15.2.0-164"
},
{
"version_affected": "=",
"version_value": "14.5.1-510"
},
{
"version_affected": "=",
"version_value": "12.0.2-012"
},
{
"version_affected": "=",
"version_value": "12.0.2-004"
},
{
"version_affected": "=",
"version_value": "14.5.1-607"
},
{
"version_affected": "=",
"version_value": "14.5.3-033"
},
{
"version_affected": "=",
"version_value": "12.0.1-334"
},
{
"version_affected": "=",
"version_value": "14.0.1-503"
},
{
"version_affected": "=",
"version_value": "14.0.1-053"
},
{
"version_affected": "=",
"version_value": "11.8.0-429"
},
{
"version_affected": "=",
"version_value": "14.0.1-040"
},
{
"version_affected": "=",
"version_value": "14.0.1-014"
},
{
"version_affected": "=",
"version_value": "12.5.1-043"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX"
}
]
},
"source": {
"advisory": "cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX",
"discovery": "INTERNAL",
"defects": [
"CSCwk60819"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}