CVE-2025-20185

MEDIUM EPSS 6.8%

Published Feb 5, 20251y ago · Modified Jun 17, 20261w ago

6.7 CVSS 3.1

Medium

Published Feb 5, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.

CVSS Details

Base Score

6.7

Exploitability

0.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

6.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-250

Affected Products 28

Vendor	Product	Version	Range
cisco	asyncos	13.0.0-392	any
cisco	asyncos	13.0.5-007	any
cisco	asyncos	13.5.1-277	any
cisco	asyncos	13.5.4-038	any
cisco	asyncos	14.0.0-698	any
cisco	asyncos	14.2.0-620	any
cisco	asyncos	14.2.1-020	any
cisco	asyncos	14.3.0-032	any
cisco	asyncos	15.0.0-104	any
cisco	asyncos	15.0.1-030	any
cisco	asyncos	15.0.3-002	any
cisco	asyncos	15.5.0-048	any
cisco	asyncos	15.5.1-055	any
cisco	asyncos	15.5.2-018	any
cisco	secure_email_and_web_manager_virtual_appliance_m100v	*	any
cisco	secure_email_and_web_manager_virtual_appliance_m300v	*	any
cisco	secure_email_and_web_manager_virtual_appliance_m600v	*	any
cisco	secure_email_and_web_manager_m170	*	any
cisco	secure_email_and_web_manager_m190	*	any
cisco	secure_email_and_web_manager_m195	*	any
cisco	secure_email_and_web_manager_m380	*	any
cisco	secure_email_and_web_manager_m390	*	any
cisco	secure_email_and_web_manager_m390x	*	any
cisco	secure_email_and_web_manager_m395	*	any
cisco	secure_email_and_web_manager_m680	*	any
cisco	secure_email_and_web_manager_m690	*	any
cisco	secure_email_and_web_manager_m690x	*	any
cisco	secure_email_and_web_manager_m695	*	any

References 1

sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.