CVE-2025-20178
published 2025-04-16CVE-2025-20178: A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative…
PriorityP351high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.33%
24.4th percentile
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system.
This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_secure_network_analytics | — | — |
| cisco | cisco_secure_network_analytics | — | — |
| cisco | cisco_secure_network_analytics | — | — |
| cisco | secure_network_analytics | — | — |
| cisco | secure_network_analytics | — | — |
| cisco | secure_network_analytics | — | — |
| cisco | secure_network_analytics | — | — |
| msrc | cm1_ansible_2.9.18-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.5HIGH
vendor_cisco6.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Secure Network Analytics Privilege Escalation Vulnerability
vendor_cisco·2025-04-16·CVSS 6.0
CVE-2025-20178 [MEDIUM] CWE-347 Cisco Secure Network Analytics Privilege Escalation Vulnerability
Cisco Secure Network Analytics Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system.
This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.
Cisco has released software updates that address this vulnerability. There are no workarounds that addre
Microsoft
Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long
vendor_msrc·2021-05-11·CVSS 7.5
CVE-2020-20178 [HIGH] Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long
Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long it will result in an exception. Attackers can make attacks by creating a series of account addresses.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See th
Cisco
Cisco Secure Network Analytics Privilege Escalation Vulnerability
vendor_cisco·CVSS 3.1
CVE-2025-20178 Cisco Secure Network Analytics Privilege Escalation Vulnerability
CVE-2025-20178: Cisco Secure Network Analytics Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root . Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
GHSA
GHSA-vr9w-fp6c-vj58: A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid admin
ghsa_unreviewed·2025-04-16
CVE-2025-20178 [MEDIUM] CWE-347 GHSA-vr9w-fp6c-vj58: A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid admin
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system.
This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.
No detection rules found.
No public exploits indexed.
2025-04-16
Published