CVE-2025-20191

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20191
A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

7.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY
Configurations

No configuration.

History

08 May 2025, 14:39

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en las Funciones de Seguridad Integradas del Switch (SISF) de Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software y Cisco Wireless LAN Controller (WLC) AireOS Software podría permitir que un atacante adyacente no autenticado provoque una denegación de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe al manejo incorrecto de paquetes DHCPv6. Un atacante podría explotar esta vulnerabilidad enviando un paquete DHCPv6 manipulado a un dispositivo afectado. Si se explota con éxito, el atacante podría provocar la recarga del dispositivo, lo que provocaría una denegación de servicio (DoS).

07 May 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-07 18:15

Updated : 2025-05-08 14:39

NVD link : CVE-2025-20191

Mitre link : CVE-2025-20191

CVE.ORG link : CVE-2025-20191

JSON object : View

Products Affected

No product.

CWE
CWE-805

Buffer Access with Incorrect Length Value