Critical Vulnerabilities in Multiple Cisco Products (CVE-2025-32433, CVE-2025-20188)

Published: May 09, 2025 16:16

Advisory No: TZCERT-SA-25-0096

Source: Cisco

Software Affected: ConfD, Network Services Orchestrator (NSO), Smart PHY, ASR 5000 Series Software (StarOS), Ultra Packet Core1, iNode Manager, Ultra Cloud Core, Enterprise NFV Infrastructure Software (NFVIS), Small Business RV Series Routers, Catalyst 9800 Series Wireless Controllers, Embedded Wireless Controller on Catalyst APs

Overview

Multiple Cisco products are affected by two critical vulnerabilities. Either could allow a remote attacker to execute code on an affected device.

Description

Multiple Cisco products are affected by two critical vulnerabilities, tracked as CVE-2025-32433 and CVE-2025-20188, each with a CVSS base score of 10. The vulnerabilities stem from a flaw in the handling of SSH messages during the authentication phase and from a hard-coded JSON Web Token (JWT) present on an affected system. Successful exploitation could allow an unauthenticated, remote attacker to upload arbitrary files and achieve remote code execution (RCE) on an affected device.
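The two root causes named above are both well-known design failures: an SSH server that acts on connection-protocol messages before user authentication has completed, and a token verifier whose signing secret is baked into the firmware and therefore shared by every device. The following added example (not Cisco's code and not taken from this advisory) models each one in miniature: a server-side SSH dispatcher that refuses messages in the connection-protocol range until authentication succeeds, and an HS256 JWT verifier shown in its weak form (silent fallback to a build-time secret) beside its hardened form (refuses to verify unless a per-deployment secret is provisioned). The SSH message numbers are the standard ones from RFC 4251/4253/4254; the class names, credential, secrets and claims are constructed placeholders.

```python
"""Defensive checks modelled on the two root causes in the advisory.

Constructed illustration: message numbers follow RFC 4251/4253/4254, but the
session class, credential, secrets and claims are hypothetical placeholders
and none of this is Cisco's code.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

# SSH message numbers (RFC 4253 section 12, RFC 4254 section 9).
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98

# Stand-in for a real credential check (constructed value).
EXPECTED_CREDENTIAL = b"constructed-example-credential"


class SshServerSession:
    """Minimal server-side state machine. RFC 4251 reserves message numbers
    80-127 for the connection protocol, which only runs after the
    authentication protocol has succeeded; this gate enforces that order."""

    def __init__(self) -> None:
        self.authenticated = False
        self.channels_opened = 0

    def dispatch(self, msg_type: int, payload: bytes = b"") -> str:
        # A vulnerable server would act on the message regardless of state;
        # the correct behaviour is to refuse it (and ideally disconnect).
        if 80 <= msg_type <= 127 and not self.authenticated:
            return "rejected: connection-protocol message before authentication"
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            if hmac.compare_digest(payload, EXPECTED_CREDENTIAL):
                self.authenticated = True
                return "authenticated"
            return "authentication failed"
        if msg_type == SSH_MSG_CHANNEL_OPEN:
            self.channels_opened += 1
            return "channel opened"
        return f"handled message {msg_type}"


# ---- JWT (HS256) verification: weak vs hardened -----------------------------

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    """Issue a compact HS256 JWT (used here only to build test inputs)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def _verify(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the signature is valid under `secret`, else None."""
    try:
        header, body, sig = token.split(".")
        hdr = json.loads(_b64url_decode(header))
    except (ValueError, json.JSONDecodeError):
        return None
    if hdr.get("alg") != "HS256":  # pin the algorithm; never trust the token's choice
        return None
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(body))


# Weak pattern: a build-time fallback secret identical on every shipped device.
FALLBACK_SECRET = b"constructed-example-fallback-secret"  # hypothetical value


def verify_weak(token: str, configured_secret: Optional[bytes]) -> Optional[dict]:
    """Falls back to the hard-coded secret when none is provisioned, so anyone
    who extracts that secret from one firmware image can mint valid tokens."""
    return _verify(token, configured_secret or FALLBACK_SECRET)


def verify_hardened(token: str, configured_secret: Optional[bytes]) -> Optional[dict]:
    """Refuses to operate without a per-deployment secret of adequate length;
    a missing secret becomes a loud failure instead of a silent default."""
    if not configured_secret or len(configured_secret) < 32:
        raise RuntimeError("JWT secret not provisioned; refusing to verify tokens")
    return _verify(token, configured_secret)
```

The SSH gate keys on the message-number range rather than on individual message types, so any future connection-protocol message is covered without extending the check. In the JWT part, the only behavioural difference between `verify_weak` and `verify_hardened` is what happens when no secret is configured, which is exactly the condition under which a hard-coded token or key becomes a universal credential.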

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

Cisco has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
