{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20177", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.220Z", "datePublished": "2025-03-12T16:13:04.362Z", "dateUpdated": "2025-03-14T15:31:19.971Z"}, "containers": {"cna": {"title": "Cisco IOS XR Software Image Verification Bypass Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx", "name": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx"}, {"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/", "name": "Crafting endless AS-PATHS in BGP"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx", "discovery": "INTERNAL", "defects": ["CSCwk67262"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Handling of Insufficient Privileges", "type": "cwe", "cweId": "CWE-274"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"version": "7.0.1", "status": "affected"}, {"version": "7.0.0", "status": "affected"}, {"version": "7.1.1", "status": "affected"}, {"version": "7.0.90", "status": "affected"}, {"version": "6.7.1", "status": "affected"}, {"version": "7.0.2", "status": "affected"}, {"version": "7.1.15", "status": "affected"}, {"version": "7.2.0", "status": "affected"}, {"version": "7.2.1", "status": "affected"}, {"version": "7.1.2", "status": "affected"}, {"version": "6.7.2", "status": "affected"}, {"version": "7.0.11", "status": "affected"}, {"version": "7.0.12", "status": "affected"}, {"version": "7.0.14", "status": "affected"}, {"version": "7.1.25", "status": "affected"}, {"version": "7.2.12", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "7.1.3", "status": "affected"}, {"version": "6.7.3", "status": "affected"}, {"version": "7.4.1", "status": "affected"}, {"version": "7.2.2", "status": "affected"}, {"version": "6.7.4", "status": "affected"}, {"version": "7.3.15", "status": "affected"}, {"version": "7.3.16", "status": "affected"}, {"version": "6.8.1", "status": "affected"}, {"version": "7.4.15", "status": "affected"}, {"version": "7.3.2", "status": "affected"}, {"version": "7.5.1", "status": "affected"}, {"version": "7.4.16", "status": "affected"}, {"version": "7.3.27", "status": "affected"}, {"version": "7.6.1", "status": "affected"}, {"version": "7.5.2", "status": "affected"}, {"version": "7.8.1", "status": "affected"}, {"version": "7.6.15", "status": "affected"}, {"version": "7.5.12", "status": "affected"}, {"version": "7.3.3", "status": "affected"}, {"version": "7.7.1", "status": "affected"}, {"version": "6.8.2", "status": "affected"}, {"version": "7.3.4", "status": "affected"}, {"version": "7.4.2", "status": "affected"}, {"version": "6.7.35", "status": "affected"}, {"version": "6.9.1", "status": "affected"}, {"version": "7.6.2", "status": "affected"}, {"version": "7.5.3", "status": "affected"}, {"version": "7.7.2", "status": "affected"}, {"version": "6.9.2", "status": "affected"}, {"version": "7.9.1", "status": "affected"}, {"version": "7.10.1", "status": "affected"}, {"version": "7.8.2", "status": "affected"}, {"version": "7.5.4", "status": "affected"}, {"version": "7.8.22", "status": "affected"}, {"version": "7.7.21", "status": "affected"}, {"version": "7.9.2", "status": "affected"}, {"version": "7.3.5", "status": "affected"}, {"version": "7.5.5", "status": "affected"}, {"version": "7.11.1", "status": "affected"}, {"version": "7.9.21", "status": "affected"}, {"version": "7.10.2", "status": "affected"}, {"version": "24.1.1", "status": "affected"}, {"version": "7.6.3", "status": "affected"}, {"version": "7.3.6", "status": "affected"}, {"version": "7.11.2", "status": "affected"}, {"version": "24.2.1", "status": "affected"}, {"version": "24.1.2", "status": "affected"}, {"version": "24.2.11", "status": "affected"}, {"version": "24.3.1", "status": "affected"}, {"version": "7.8.23", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-03-12T16:13:04.362Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-13T03:55:23.530580Z", "id": "CVE-2025-20177", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T15:31:19.971Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20177", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-13T03:55:23.530580Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T15:31:16.972Z"}}], "cna": {"title": "Cisco IOS XR Software Image Verification Bypass Vulnerability", "source": {"defects": ["CSCwk67262"], "advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"status": "affected", "version": "7.0.1"}, {"status": "affected", "version": "7.0.0"}, {"status": "affected", "version": "7.1.1"}, {"status": "affected", "version": "7.0.90"}, {"status": "affected", "version": "6.7.1"}, {"status": "affected", "version": "7.0.2"}, {"status": "affected", "version": "7.1.15"}, {"status": "affected", "version": "7.2.0"}, {"status": "affected", "version": "7.2.1"}, {"status": "affected", "version": "7.1.2"}, {"status": "affected", "version": "6.7.2"}, {"status": "affected", "version": "7.0.11"}, {"status": "affected", "version": "7.0.12"}, {"status": "affected", "version": "7.0.14"}, {"status": "affected", "version": "7.1.25"}, {"status": "affected", "version": "7.2.12"}, {"status": "affected", "version": "7.3.1"}, {"status": "affected", "version": "7.1.3"}, {"status": "affected", "version": "6.7.3"}, {"status": "affected", "version": "7.4.1"}, {"status": "affected", "version": "7.2.2"}, {"status": "affected", "version": "6.7.4"}, {"status": "affected", "version": "7.3.15"}, {"status": "affected", "version": "7.3.16"}, {"status": "affected", "version": "6.8.1"}, {"status": "affected", "version": "7.4.15"}, {"status": "affected", "version": "7.3.2"}, {"status": "affected", "version": "7.5.1"}, {"status": "affected", "version": "7.4.16"}, {"status": "affected", "version": "7.3.27"}, {"status": "affected", "version": "7.6.1"}, {"status": "affected", "version": "7.5.2"}, {"status": "affected", "version": "7.8.1"}, {"status": "affected", "version": "7.6.15"}, {"status": "affected", "version": "7.5.12"}, {"status": "affected", "version": "7.3.3"}, {"status": "affected", "version": "7.7.1"}, {"status": "affected", "version": "6.8.2"}, {"status": "affected", "version": "7.3.4"}, {"status": "affected", "version": "7.4.2"}, {"status": "affected", "version": "6.7.35"}, {"status": "affected", "version": "6.9.1"}, {"status": "affected", "version": "7.6.2"}, {"status": "affected", "version": "7.5.3"}, {"status": "affected", "version": "7.7.2"}, {"status": "affected", "version": "6.9.2"}, {"status": "affected", "version": "7.9.1"}, {"status": "affected", "version": "7.10.1"}, {"status": "affected", "version": "7.8.2"}, {"status": "affected", "version": "7.5.4"}, {"status": "affected", "version": "7.8.22"}, {"status": "affected", "version": "7.7.21"}, {"status": "affected", "version": "7.9.2"}, {"status": "affected", "version": "7.3.5"}, {"status": "affected", "version": "7.5.5"}, {"status": "affected", "version": "7.11.1"}, {"status": "affected", "version": "7.9.21"}, {"status": "affected", "version": "7.10.2"}, {"status": "affected", "version": "24.1.1"}, {"status": "affected", "version": "7.6.3"}, {"status": "affected", "version": "7.3.6"}, {"status": "affected", "version": "7.11.2"}, {"status": "affected", "version": "24.2.1"}, {"status": "affected", "version": "24.1.2"}, {"status": "affected", "version": "24.2.11"}, {"status": "affected", "version": "24.3.1"}, {"status": "affected", "version": "7.8.23"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx", "name": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx"}, {"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/", "name": "Crafting endless AS-PATHS in BGP"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-274", "description": "Improper Handling of Insufficient Privileges"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-03-12T16:13:04.362Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20177", "state": "PUBLISHED", "dateUpdated": "2025-03-14T15:31:19.971Z", "dateReserved": "2024-10-10T19:15:13.220Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-03-12T16:13:04.362Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EC4CBFD-BFB8-4D89-B5F7-3CBD156778A7", "versionEndExcluding": "7.11.21", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCAF5A0C-D731-4BE1-AAD8-88ADDB8A65DE", "versionEndExcluding": "24.2.2", "versionStartIncluding": "24.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C9D6AD9-652C-491A-9B61-04691D82BBBE", "versionEndExcluding": "24.3.2", "versionStartIncluding": "24.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:24.4:*:*:*:*:*:*:*", "matchCriteriaId": "1FCE9AC2-F70A-4B54-8B1C-8F28E4FB32D3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*", "matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*", "matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*", "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*", "matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*", "matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*", "matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*", "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*", "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*", "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_1010:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D1123D-39F9-4D22-99CE-F28CA57FE191", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_1014:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2E3F337-0CF5-456E-B313-DC3ED4BF9D9B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*", "matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado omita la verificaci\u00f3n de la firma de la imagen de Cisco IOS XR e instale software no verificado en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener privilegios de administrador en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incompleta de los archivos durante el proceso de verificaci\u00f3n de arranque. Un atacante podr\u00eda explotarla manipulando las opciones de configuraci\u00f3n del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que podr\u00eda permitirle omitir el requisito de ejecutar im\u00e1genes firmadas por Cisco o alterar las propiedades de seguridad del sistema en ejecuci\u00f3n. Nota: Dado que la explotaci\u00f3n de esta vulnerabilidad podr\u00eda provocar que el atacante omita la verificaci\u00f3n de la imagen de Cisco, Cisco ha elevado la calificaci\u00f3n de impacto de seguridad (SIR) de este aviso de media a alta."}], "id": "CVE-2025-20177", "lastModified": "2025-08-06T17:04:34.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2025-03-12T16:15:22.347", "references": [{"source": "psirt@cisco.com", "tags": ["Product"], "url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-274"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}