CVE-2025-20185

{"id": "CVE-2025-20185", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.4, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2025-02-05T17:15:25.883", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials.\r\n\r\nThis vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system.\r\nNote: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad de acceso remoto de Cisco AsyncOS Software para Cisco Secure Email and Web Manager, Cisco Secure Email Gateway y Cisco Secure Web Appliance podr\u00eda permitir que un atacante local autenticado eleve los privilegios a superusuario. El atacante debe autenticarse con credenciales de administrador v\u00e1lidas. Esta vulnerabilidad se debe a una falla arquitect\u00f3nica en el algoritmo de generaci\u00f3n de contrase\u00f1as para la funcionalidad de acceso remoto. Un atacante podr\u00eda explotar esta vulnerabilidad generando una contrase\u00f1a temporal para la cuenta de servicio. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios como superusuario y acceder al sistema operativo subyacente. Nota: La calificaci\u00f3n de impacto de seguridad (SIR) para esta vulnerabilidad es media debido al alcance ilimitado de la informaci\u00f3n a la que puede acceder un atacante."}], "lastModified": "2025-08-06T16:53:52.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asyncos:13.0.0-392:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFEE94BE-6A3A-4873-BFCF-93E550F099A0"}, {"criteria": "cpe:2.3:o:cisco:asyncos:13.0.5-007:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A787134E-F72F-4543-8F0E-3125A982BE3B"}, {"criteria": "cpe:2.3:o:cisco:asyncos:13.5.1-277:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8E06464-FA10-4AA0-8320-FED11EF0B5ED"}, {"criteria": "cpe:2.3:o:cisco:asyncos:13.5.4-038:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B6F533-7521-4DC1-8481-034E6CDE22DD"}, {"criteria": "cpe:2.3:o:cisco:asyncos:14.0.0-698:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A48B45C-E1B4-4524-A095-631C408044A0"}, {"criteria": "cpe:2.3:o:cisco:asyncos:14.2.0-620:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A84B29E7-CB57-4DA8-BA2F-77AA4DB9C394"}, {"criteria": "cpe:2.3:o:cisco:asyncos:14.2.1-020:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "189C0A83-6BF1-45AD-ACC1-FB7561B901A9"}, {"criteria": "cpe:2.3:o:cisco:asyncos:14.3.0-032:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B09FBBD-C6BD-4BBD-8DF4-416D59E1E97C"}, {"criteria": "cpe:2.3:o:cisco:asyncos:15.0.0-104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "943D850B-D6B1-4B02-BBF6-687C3FD80AAD"}, {"criteria": "cpe:2.3:o:cisco:asyncos:15.0.1-030:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74FB1274-8F04-4A8A-986F-225BBA4553E0"}, {"criteria": "cpe:2.3:o:cisco:asyncos:15.0.3-002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10CE9B3-6B35-49CB-8DB6-2AF2D4678417"}, {"criteria": "cpe:2.3:o:cisco:asyncos:15.5.0-048:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05560A50-4EF9-42E9-B8B3-FC99C77089B8"}, {"criteria": "cpe:2.3:o:cisco:asyncos:15.5.1-055:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "421FFF79-BA3D-4968-928C-6F792E9A34AB"}, {"criteria": "cpe:2.3:o:cisco:asyncos:15.5.2-018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "700129D1-EEB8-4A05-9E32-7C425CAA54F1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C9613A5-B198-4AD2-BC74-F21ABAF79174"}, {"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57831FD6-1CF3-4ABE-81BA-2576418F9083"}, {"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67E804AE-4743-44AD-A364-504B0AB0D9BF"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3057023B-AD68-4953-A780-75EA416A7B94"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B87164B6-4717-4968-86F7-C62EB677FC50"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10BD81D0-D81A-4361-B4E8-D674732A2A33"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D28903F8-3C4D-4337-9721-CEC108A7E2D5"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "84ACD394-2E45-4E8E-A342-AC57935C7038"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6112D56B-B68B-40B0-8EB9-3315533110C7"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A1198BC-C934-4C26-887D-D599E8128FD3"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10374BA0-E7DD-4930-8C58-251F98B75A11"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD265B49-C691-44B3-A505-DC704E80313C"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E37CFC3A-1752-4C66-BD32-CFFA46C3E6AD"}, {"criteria": "cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "830693AC-A737-43B9-BBB4-E3A1C950C47F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}