CNNVD-202509-3821 Information
CNNVD ID
CNNVD-202509-3821
Related CVE
- CNNVD Published: 2025-09-24
Description (Chinese)
Cisco IOS和Cisco IOS XE Software都是美国思科(Cisco)公司的产品。Cisco IOS是一套为其网络设备开发的操作系统。Cisco IOS XE Software是一种网络操作系统。 Cisco IOS和Cisco IOS XE Software存在授权问题漏洞,该漏洞源于未正确检查所需的TACACS+共享密钥配置,可能导致中间人攻击者查看敏感信息或绕过身份验证。
Description (English)
Cisco IOS and Cisco IOS XE Software are all Cisco products. Cisco IOS is an operating system developed for its network equipment. Cisco IOS XE Software is a network operating system. Cisco IOS and Cisco IOS XE Software have a mandate gap that stems from the TACACCS+ shared key configuration required for incorrect inspection, which may lead to intermediaries looking at sensitive information or bypassing identification.
Hazard Level
Medium
Vulnerability Type
授权问题
Affected Vendor
Citadel
Published
2025-09-24
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJw https://access.redhat.com/security/cve/cve-2025-20160