CVE-2025-20221 - Vulnerability Details - OpenCVE

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn

History

Wed, 07 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 07 May 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.
Weaknesses		CWE-200
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-05-07T17:38:49.862Z

Updated: 2025-05-07T19:41:59.096Z

Reserved: 2024-10-10T19:15:13.233Z

Link: CVE-2025-20221

Vulnrichment

Updated: 2025-05-07T18:56:52.535Z

NVD

Status : Awaiting Analysis

Published: 2025-05-07T18:15:41.917

Modified: 2025-05-08T14:39:09.683

Link: CVE-2025-20221

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20221", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.233Z", "datePublished": "2025-05-07T17:38:49.862Z", "dateUpdated": "2025-05-07T19:41:59.096Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-05-07T17:38:49.862Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. \r\n\r This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network."}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XE Software", "versions": [{"version": "16.12.13", "status": "affected"}, {"version": "17.1.1", "status": "affected"}, {"version": "17.1.1s", "status": "affected"}, {"version": "17.1.1t", "status": "affected"}, {"version": "17.1.3", "status": "affected"}, {"version": "17.2.1", "status": "affected"}, {"version": "17.2.1r", "status": "affected"}, {"version": "17.2.1a", "status": "affected"}, {"version": "17.2.1v", "status": "affected"}, {"version": "17.2.2", "status": "affected"}, {"version": "17.2.3", "status": "affected"}, {"version": "17.3.1", "status": "affected"}, {"version": "17.3.2", "status": "affected"}, {"version": "17.3.3", "status": "affected"}, {"version": "17.3.1a", "status": "affected"}, {"version": "17.3.2a", "status": "affected"}, {"version": "17.3.4", "status": "affected"}, {"version": "17.3.5", "status": "affected"}, {"version": "17.3.4a", "status": "affected"}, {"version": "17.3.6", "status": "affected"}, {"version": "17.3.7", "status": "affected"}, {"version": "17.3.8", "status": "affected"}, {"version": "17.3.8a", "status": "affected"}, {"version": "17.4.1", "status": "affected"}, {"version": "17.4.2", "status": "affected"}, {"version": "17.4.1a", "status": "affected"}, {"version": "17.4.1b", "status": "affected"}, {"version": "17.5.1", "status": "affected"}, {"version": "17.5.1a", "status": "affected"}, {"version": "17.6.1", "status": "affected"}, {"version": "17.6.2", "status": "affected"}, {"version": "17.6.1a", "status": "affected"}, {"version": "17.6.3", "status": "affected"}, {"version": "17.6.1y", "status": "affected"}, {"version": "17.6.3a", "status": "affected"}, {"version": "17.6.4", "status": "affected"}, {"version": "17.6.5", "status": "affected"}, {"version": "17.6.6", "status": "affected"}, {"version": "17.6.6a", "status": "affected"}, {"version": "17.6.5a", "status": "affected"}, {"version": "17.6.7", "status": "affected"}, {"version": "17.6.8", "status": "affected"}, {"version": "17.6.8a", "status": "affected"}, {"version": "17.7.1", "status": "affected"}, {"version": "17.7.1a", "status": "affected"}, {"version": "17.7.2", "status": "affected"}, {"version": "17.10.1", "status": "affected"}, {"version": "17.10.1a", "status": "affected"}, {"version": "17.10.1b", "status": "affected"}, {"version": "17.8.1", "status": "affected"}, {"version": "17.8.1a", "status": "affected"}, {"version": "17.9.1", "status": "affected"}, {"version": "17.9.2", "status": "affected"}, {"version": "17.9.1a", "status": "affected"}, {"version": "17.9.3", "status": "affected"}, {"version": "17.9.2a", "status": "affected"}, {"version": "17.9.3a", "status": "affected"}, {"version": "17.9.4", "status": "affected"}, {"version": "17.9.5", "status": "affected"}, {"version": "17.9.4a", "status": "affected"}, {"version": "17.9.5a", "status": "affected"}, {"version": "17.9.5b", "status": "affected"}, {"version": "17.9.6", "status": "affected"}, {"version": "17.9.6a", "status": "affected"}, {"version": "17.9.5e", "status": "affected"}, {"version": "17.9.5f", "status": "affected"}, {"version": "17.11.1", "status": "affected"}, {"version": "17.11.1a", "status": "affected"}, {"version": "17.12.1", "status": "affected"}, {"version": "17.12.1a", "status": "affected"}, {"version": "17.12.2", "status": "affected"}, {"version": "17.12.3", "status": "affected"}, {"version": "17.12.4", "status": "affected"}, {"version": "17.12.3a", "status": "affected"}, {"version": "17.12.1z2", "status": "affected"}, {"version": "17.12.4a", "status": "affected"}, {"version": "17.12.4b", "status": "affected"}, {"version": "17.13.1", "status": "affected"}, {"version": "17.13.1a", "status": "affected"}, {"version": "17.14.1", "status": "affected"}, {"version": "17.14.1a", "status": "affected"}, {"version": "17.15.1", "status": "affected"}, {"version": "17.15.1a", "status": "affected"}, {"version": "17.15.2", "status": "affected"}, {"version": "17.15.1x", "status": "affected"}, {"version": "17.15.2c", "status": "affected"}, {"version": "17.15.2b", "status": "affected"}, {"version": "17.16.1", "status": "affected"}, {"version": "17.16.1a", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "type": "cwe", "cweId": "CWE-200"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn", "name": "cisco-sa-snmp-bypass-HHUVujdn"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-snmp-bypass-HHUVujdn", "discovery": "EXTERNAL", "defects": ["CSCwn25087"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-07T18:56:50.900282Z", "id": "CVE-2025-20221", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T19:41:59.096Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20221", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-07T18:56:50.900282Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T18:56:52.535Z"}}], "cna": {"source": {"defects": ["CSCwn25087"], "advisory": "cisco-sa-snmp-bypass-HHUVujdn", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XE Software", "versions": [{"status": "affected", "version": "16.12.13"}, {"status": "affected", "version": "17.1.1"}, {"status": "affected", "version": "17.1.1s"}, {"status": "affected", "version": "17.1.1t"}, {"status": "affected", "version": "17.1.3"}, {"status": "affected", "version": "17.2.1"}, {"status": "affected", "version": "17.2.1r"}, {"status": "affected", "version": "17.2.1a"}, {"status": "affected", "version": "17.2.1v"}, {"status": "affected", "version": "17.2.2"}, {"status": "affected", "version": "17.2.3"}, {"status": "affected", "version": "17.3.1"}, {"status": "affected", "version": "17.3.2"}, {"status": "affected", "version": "17.3.3"}, {"status": "affected", "version": "17.3.1a"}, {"status": "affected", "version": "17.3.2a"}, {"status": "affected", "version": "17.3.4"}, {"status": "affected", "version": "17.3.5"}, {"status": "affected", "version": "17.3.4a"}, {"status": "affected", "version": "17.3.6"}, {"status": "affected", "version": "17.3.7"}, {"status": "affected", "version": "17.3.8"}, {"status": "affected", "version": "17.3.8a"}, {"status": "affected", "version": "17.4.1"}, {"status": "affected", "version": "17.4.2"}, {"status": "affected", "version": "17.4.1a"}, {"status": "affected", "version": "17.4.1b"}, {"status": "affected", "version": "17.5.1"}, {"status": "affected", "version": "17.5.1a"}, {"status": "affected", "version": "17.6.1"}, {"status": "affected", "version": "17.6.2"}, {"status": "affected", "version": "17.6.1a"}, {"status": "affected", "version": "17.6.3"}, {"status": "affected", "version": "17.6.1y"}, {"status": "affected", "version": "17.6.3a"}, {"status": "affected", "version": "17.6.4"}, {"status": "affected", "version": "17.6.5"}, {"status": "affected", "version": "17.6.6"}, {"status": "affected", "version": "17.6.6a"}, {"status": "affected", "version": "17.6.5a"}, {"status": "affected", "version": "17.6.7"}, {"status": "affected", "version": "17.6.8"}, {"status": "affected", "version": "17.6.8a"}, {"status": "affected", "version": "17.7.1"}, {"status": "affected", "version": "17.7.1a"}, {"status": "affected", "version": "17.7.2"}, {"status": "affected", "version": "17.10.1"}, {"status": "affected", "version": "17.10.1a"}, {"status": "affected", "version": "17.10.1b"}, {"status": "affected", "version": "17.8.1"}, {"status": "affected", "version": "17.8.1a"}, {"status": "affected", "version": "17.9.1"}, {"status": "affected", "version": "17.9.2"}, {"status": "affected", "version": "17.9.1a"}, {"status": "affected", "version": "17.9.3"}, {"status": "affected", "version": "17.9.2a"}, {"status": "affected", "version": "17.9.3a"}, {"status": "affected", "version": "17.9.4"}, {"status": "affected", "version": "17.9.5"}, {"status": "affected", "version": "17.9.4a"}, {"status": "affected", "version": "17.9.5a"}, {"status": "affected", "version": "17.9.5b"}, {"status": "affected", "version": "17.9.6"}, {"status": "affected", "version": "17.9.6a"}, {"status": "affected", "version": "17.9.5e"}, {"status": "affected", "version": "17.9.5f"}, {"status": "affected", "version": "17.11.1"}, {"status": "affected", "version": "17.11.1a"}, {"status": "affected", "version": "17.12.1"}, {"status": "affected", "version": "17.12.1a"}, {"status": "affected", "version": "17.12.2"}, {"status": "affected", "version": "17.12.3"}, {"status": "affected", "version": "17.12.4"}, {"status": "affected", "version": "17.12.3a"}, {"status": "affected", "version": "17.12.1z2"}, {"status": "affected", "version": "17.12.4a"}, {"status": "affected", "version": "17.12.4b"}, {"status": "affected", "version": "17.13.1"}, {"status": "affected", "version": "17.13.1a"}, {"status": "affected", "version": "17.14.1"}, {"status": "affected", "version": "17.14.1a"}, {"status": "affected", "version": "17.15.1"}, {"status": "affected", "version": "17.15.1a"}, {"status": "affected", "version": "17.15.2"}, {"status": "affected", "version": "17.15.1x"}, {"status": "affected", "version": "17.15.2c"}, {"status": "affected", "version": "17.15.2b"}, {"status": "affected", "version": "17.16.1"}, {"status": "affected", "version": "17.16.1a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-bypass-HHUVujdn", "name": "cisco-sa-snmp-bypass-HHUVujdn"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. \r\n\r This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-05-07T17:38:49.862Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20221", "state": "PUBLISHED", "dateUpdated": "2025-05-07T19:41:59.096Z", "dateReserved": "2024-10-10T19:15:13.233Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-05-07T17:38:49.862Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}