CVE-2025-20189

{"id": "CVE-2025-20189", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2025-05-07T18:15:38.770", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-762"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n Cisco Express Forwarding del software Cisco IOS XE para routers de servicios de agregaci\u00f3n Cisco ASR 903 con procesador de conmutaci\u00f3n de ruta 3 (RSP3C) podr\u00eda permitir que un atacante adyacente no autenticado active una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a una gesti\u00f3n de memoria inadecuada cuando el software Cisco IOS XE procesa mensajes del protocolo de resoluci\u00f3n de direcciones (ARP). Un atacante podr\u00eda explotar esta vulnerabilidad enviando mensajes ARP manipulados a alta velocidad durante un per\u00edodo de tiempo a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante agotar los recursos del sistema, lo que eventualmente desencadena la recarga del procesador de conmutaci\u00f3n de ruta (RSP) activo. Si no hay un RSP redundante, el router se recarga."}], "lastModified": "2025-05-08T14:39:09.683", "sourceIdentifier": "psirt@cisco.com"}