SB2025031333 - Multiple vulnerabilities in Cisco IOS XR
Published: March 13, 2025
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-20209)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of malformed packets in the Internet Key Exchange version 2 (IKEv2) function. A remote attacker can send specially crafted IKEv2 packets and cause a denial of service condition on the target system.
2) OS Command Injection (CVE-ID: CVE-2025-20138)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the CLI. A local user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-20145)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where an egress access control list (ACL) is configured. A remote attacker can bypass an egress ACL on the target device.
Remediation
Install the update from the vendor's website.
References
- https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrike-9wYGpRGq
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-modular-ACL-u5MEPXMm