CVE-2025-20119

26.02.2025, 17:15

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition.

Race Condition

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cisco	CNA	6 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Vendor	Product	Version
cisco	application_policy_infrastructure_controller	3.2\(1l\)
cisco	application_policy_infrastructure_controller	3.2\(1m\)
cisco	application_policy_infrastructure_controller	3.2\(2l\)
cisco	application_policy_infrastructure_controller	3.2\(2o\)
cisco	application_policy_infrastructure_controller	3.2\(3i\)
cisco	application_policy_infrastructure_controller	3.2\(3j\)
cisco	application_policy_infrastructure_controller	3.2\(3n\)
cisco	application_policy_infrastructure_controller	3.2\(3o\)
cisco	application_policy_infrastructure_controller	3.2\(3r\)
cisco	application_policy_infrastructure_controller	3.2\(3s\)
cisco	application_policy_infrastructure_controller	3.2\(4d\)
cisco	application_policy_infrastructure_controller	3.2\(4e\)
cisco	application_policy_infrastructure_controller	3.2\(5d\)
cisco	application_policy_infrastructure_controller	3.2\(5e\)
cisco	application_policy_infrastructure_controller	3.2\(5f\)
cisco	application_policy_infrastructure_controller	3.2\(6i\)
cisco	application_policy_infrastructure_controller	3.2\(7f\)
cisco	application_policy_infrastructure_controller	3.2\(7k\)
cisco	application_policy_infrastructure_controller	3.2\(8d\)
cisco	application_policy_infrastructure_controller	3.2\(9b\)
cisco	application_policy_infrastructure_controller	3.2\(9f\)
cisco	application_policy_infrastructure_controller	3.2\(9h\)
cisco	application_policy_infrastructure_controller	3.2\(10e\)
cisco	application_policy_infrastructure_controller	3.2\(10f\)
cisco	application_policy_infrastructure_controller	3.2\(10g\)
cisco	application_policy_infrastructure_controller	3.2\(41d\)
cisco	application_policy_infrastructure_controller	4.0\(1h\)
cisco	application_policy_infrastructure_controller	4.0\(2c\)
cisco	application_policy_infrastructure_controller	4.0\(3c\)
cisco	application_policy_infrastructure_controller	4.0\(3d\)
cisco	application_policy_infrastructure_controller	4.1\(1a\)
cisco	application_policy_infrastructure_controller	4.1\(1i\)
cisco	application_policy_infrastructure_controller	4.1\(1j\)
cisco	application_policy_infrastructure_controller	4.1\(1k\)
cisco	application_policy_infrastructure_controller	4.1\(1l\)
cisco	application_policy_infrastructure_controller	4.1\(2g\)
cisco	application_policy_infrastructure_controller	4.1\(2m\)
cisco	application_policy_infrastructure_controller	4.1\(2o\)
cisco	application_policy_infrastructure_controller	4.1\(2s\)
cisco	application_policy_infrastructure_controller	4.1\(2u\)
cisco	application_policy_infrastructure_controller	4.1\(2w\)
cisco	application_policy_infrastructure_controller	4.1\(2x\)
cisco	application_policy_infrastructure_controller	4.2\(1g\)
cisco	application_policy_infrastructure_controller	4.2\(1i\)
cisco	application_policy_infrastructure_controller	4.2\(1j\)
cisco	application_policy_infrastructure_controller	4.2\(1l\)
cisco	application_policy_infrastructure_controller	4.2\(2e\)
cisco	application_policy_infrastructure_controller	4.2\(2f\)
cisco	application_policy_infrastructure_controller	4.2\(2g\)
cisco	application_policy_infrastructure_controller	4.2\(3j\)
cisco	application_policy_infrastructure_controller	4.2\(3l\)
cisco	application_policy_infrastructure_controller	4.2\(3n\)
cisco	application_policy_infrastructure_controller	4.2\(3q\)
cisco	application_policy_infrastructure_controller	4.2\(4i\)
cisco	application_policy_infrastructure_controller	4.2\(4k\)
cisco	application_policy_infrastructure_controller	4.2\(4o\)
cisco	application_policy_infrastructure_controller	4.2\(4p\)
cisco	application_policy_infrastructure_controller	4.2\(5k\)
cisco	application_policy_infrastructure_controller	4.2\(5l\)
cisco	application_policy_infrastructure_controller	4.2\(5n\)
cisco	application_policy_infrastructure_controller	4.2\(6d\)
cisco	application_policy_infrastructure_controller	4.2\(6g\)
cisco	application_policy_infrastructure_controller	4.2\(6h\)
cisco	application_policy_infrastructure_controller	4.2\(6l\)
cisco	application_policy_infrastructure_controller	4.2\(6o\)
cisco	application_policy_infrastructure_controller	4.2\(7f\)
cisco	application_policy_infrastructure_controller	4.2\(7l\)
cisco	application_policy_infrastructure_controller	4.2\(7q\)
cisco	application_policy_infrastructure_controller	4.2\(7r\)
cisco	application_policy_infrastructure_controller	4.2\(7s\)
cisco	application_policy_infrastructure_controller	4.2\(7t\)
cisco	application_policy_infrastructure_controller	4.2\(7u\)
cisco	application_policy_infrastructure_controller	4.2\(7v\)
cisco	application_policy_infrastructure_controller	4.2\(7w\)
cisco	application_policy_infrastructure_controller	5.0\(1k\)
cisco	application_policy_infrastructure_controller	5.0\(1l\)
cisco	application_policy_infrastructure_controller	5.0\(2e\)
cisco	application_policy_infrastructure_controller	5.0\(2h\)
cisco	application_policy_infrastructure_controller	5.1\(1h\)
cisco	application_policy_infrastructure_controller	5.1\(2e\)
cisco	application_policy_infrastructure_controller	5.1\(3e\)
cisco	application_policy_infrastructure_controller	5.1\(4c\)
cisco	application_policy_infrastructure_controller	5.2\(1g\)
cisco	application_policy_infrastructure_controller	5.2\(2e\)
cisco	application_policy_infrastructure_controller	5.2\(2f\)
cisco	application_policy_infrastructure_controller	5.2\(2g\)
cisco	application_policy_infrastructure_controller	5.2\(2h\)
cisco	application_policy_infrastructure_controller	5.2\(3e\)
cisco	application_policy_infrastructure_controller	5.2\(3f\)
cisco	application_policy_infrastructure_controller	5.2\(3g\)
cisco	application_policy_infrastructure_controller	5.2\(4d\)
cisco	application_policy_infrastructure_controller	5.2\(4e\)
cisco	application_policy_infrastructure_controller	5.2\(4f\)
cisco	application_policy_infrastructure_controller	5.2\(4h\)
cisco	application_policy_infrastructure_controller	5.2\(5c\)
cisco	application_policy_infrastructure_controller	5.2\(5d\)
cisco	application_policy_infrastructure_controller	5.2\(5e\)
cisco	application_policy_infrastructure_controller	5.2\(6e\)
cisco	application_policy_infrastructure_controller	5.2\(6g\)
cisco	application_policy_infrastructure_controller	5.2\(6h\)
cisco	application_policy_infrastructure_controller	5.2\(7f\)
cisco	application_policy_infrastructure_controller	5.2\(7g\)
cisco	application_policy_infrastructure_controller	5.2\(8d\)
cisco	application_policy_infrastructure_controller	5.2\(8e\)
cisco	application_policy_infrastructure_controller	5.2\(8f\)
cisco	application_policy_infrastructure_controller	5.2\(8g\)
cisco	application_policy_infrastructure_controller	5.2\(8h\)
cisco	application_policy_infrastructure_controller	5.2\(8i\)
cisco	application_policy_infrastructure_controller	5.3\(1d\)
cisco	application_policy_infrastructure_controller	5.3\(2a\)
cisco	application_policy_infrastructure_controller	5.3\(2b\)
cisco	application_policy_infrastructure_controller	5.3\(2c\)
cisco	application_policy_infrastructure_controller	5.3\(2d\)
cisco	application_policy_infrastructure_controller	5.3\(2e\)
cisco	application_policy_infrastructure_controller	6.0\(1g\)
cisco	application_policy_infrastructure_controller	6.0\(1j\)
cisco	application_policy_infrastructure_controller	6.0\(2h\)
cisco	application_policy_infrastructure_controller	6.0\(2j\)
cisco	application_policy_infrastructure_controller	6.0\(3d\)
cisco	application_policy_infrastructure_controller	6.0\(3e\)
cisco	application_policy_infrastructure_controller	6.0\(3g\)
cisco	application_policy_infrastructure_controller	6.0\(4c\)
cisco	application_policy_infrastructure_controller	6.0\(5h\)
cisco	application_policy_infrastructure_controller	6.0\(5j\)
cisco	application_policy_infrastructure_controller	6.0\(6c\)
cisco	application_policy_infrastructure_controller	6.0\(7e\)
cisco	application_policy_infrastructure_controller	6.0\(8d\)
cisco	application_policy_infrastructure_controller	6.1\(1f\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5