Published On: Apr 26, 2025 23:29
Advisory No: TZCERT-SA-25-0092
Source: Cisco
Software Affected: ConfD, Network Services Orchestrator (NSO), Smart PHY, ASR 5000 Series Software (StarOS), Ultra Packet Core1, iNode Manager, Ultra Cloud Core, Enterprise NFV Infrastructure Software (NFVIS), Small Business RV Series Routers
Multiple Cisco products are affected by a critical vulnerability. The vulnerability could allow a remote attacker to execute code on the affected device.
ConfD, Network Services Orchestrator (NSO), Smart PHY, ASR 5000 Series Software (StarOS), Ultra Packet Core1, iNode Manager, Ultra Cloud Core, Enterprise NFV Infrastructure Software (NFVIS), and Small Business RV Series Routers are affected by critical vulnerabilities tracked as CVE-2025-32433, with a CVSS base score of 10. The vulnerability results from a flaw in the handling of SSH messages during the authentication phase. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to perform remote code execution (RCE) on an affected device.
Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.
Cisco has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.
