nvd-json-data-feeds/CVE-2025/CVE-2025-201xx/CVE-2025-20118.json

{
  "id": "CVE-2025-20118",
  "sourceIdentifier": "psirt@cisco.com",
  "published": "2025-02-26T17:15:22.723",
  "lastModified": "2025-02-26T18:15:14.353",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n de los procesos internos del sistema de Cisco APIC podr\u00eda permitir que un atacante local autenticado acceda a informaci\u00f3n confidencial en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a un enmascaramiento insuficiente de la informaci\u00f3n confidencial que se muestra a trav\u00e9s de los comandos de la interfaz de l\u00ednea de comandos del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el uso de t\u00e9cnicas de reconocimiento en la interfaz de l\u00ednea de comandos del dispositivo. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a informaci\u00f3n confidencial en un dispositivo afectado que podr\u00eda usarse para ataques adicionales."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5",
      "source": "psirt@cisco.com"
    }
  ]
}
Auto-Update: 2025-02-26T19:00:22.362560+00:00 2025-02-26 19:03:52 +00:00			`{`
			`"id": "CVE-2025-20118",`
			`"sourceIdentifier": "psirt@cisco.com",`
			`"published": "2025-02-26T17:15:22.723",`
			`"lastModified": "2025-02-26T18:15:14.353",`
Auto-Update: 2025-03-09T03:00:19.873769+00:00 2025-03-09 03:03:50 +00:00			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2025-02-26T19:00:22.362560+00:00 2025-02-26 19:03:52 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks."
Auto-Update: 2025-03-02T03:00:19.570958+00:00 2025-03-02 03:03:52 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Una vulnerabilidad en la implementaci\u00f3n de los procesos internos del sistema de Cisco APIC podr\u00eda permitir que un atacante local autenticado acceda a informaci\u00f3n confidencial en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a un enmascaramiento insuficiente de la informaci\u00f3n confidencial que se muestra a trav\u00e9s de los comandos de la interfaz de l\u00ednea de comandos del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el uso de t\u00e9cnicas de reconocimiento en la interfaz de l\u00ednea de comandos del dispositivo. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a informaci\u00f3n confidencial en un dispositivo afectado que podr\u00eda usarse para ataques adicionales."
Auto-Update: 2025-02-26T19:00:22.362560+00:00 2025-02-26 19:03:52 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "psirt@cisco.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",`
			`"baseScore": 4.4,`
			`"baseSeverity": "MEDIUM",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE"`
			`},`
			`"exploitabilityScore": 0.8,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "psirt@cisco.com",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-212"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5",`
			`"source": "psirt@cisco.com"`
			`}`
			`]`
			`}`