CVE-2025-20160

EUVD-2025-31035
A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. 

 This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ciscoCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ciscoios
3.16.8S
CNA
ciscoios
3.16.9S
CNA
ciscoios
3.16.10S
CNA
ciscoios
3.8.6E
CNA
ciscoios
3.8.7E
CNA
ciscoios
3.8.8E
CNA
ciscoios
3.8.9E
CNA
ciscoios
3.8.10E
CNA
ciscoios
16.6.5
CNA
ciscoios
16.6.5a
CNA
ciscoios
16.6.6
CNA
ciscoios
16.6.7
CNA
ciscoios
16.6.8
CNA
ciscoios
16.6.9
CNA
ciscoios
16.6.10
CNA
ciscoios
16.8.1
CNA
ciscoios
16.8.1a
CNA
ciscoios
16.8.1b
CNA
ciscoios
16.8.1s
CNA
ciscoios
16.8.1c
CNA
ciscoios
16.8.1d
CNA
ciscoios
16.8.2
CNA
ciscoios
16.8.1e
CNA
ciscoios
16.8.3
CNA
ciscoios
16.9.1
CNA
ciscoios
16.9.2
CNA
ciscoios
16.9.1a
CNA
ciscoios
16.9.1b
CNA
ciscoios
16.9.1s
CNA
ciscoios
16.9.3
CNA
ciscoios
16.9.4
CNA
ciscoios
16.9.3a
CNA
ciscoios
16.9.5
CNA
ciscoios
16.9.5f
CNA
ciscoios
16.9.6
CNA
ciscoios
16.9.7
CNA
ciscoios
16.9.8
CNA
ciscoios
16.10.1
CNA
ciscoios
16.10.1a
CNA
ciscoios
16.10.1b
CNA
ciscoios
16.10.1s
CNA
ciscoios
16.10.1c
CNA
ciscoios
16.10.1e
CNA
ciscoios
16.10.1d
CNA
ciscoios
16.10.2
CNA
ciscoios
16.10.1f
CNA
ciscoios
16.10.1g
CNA
ciscoios
16.10.3
CNA
ciscoios
3.10.1E
CNA
ciscoios
3.10.2E
CNA
ciscoios
3.10.3E
CNA
ciscoios
16.11.1
CNA
ciscoios
16.11.1a
CNA
ciscoios
16.11.1b
CNA
ciscoios
16.11.2
CNA
ciscoios
16.11.1s
CNA
ciscoios
16.12.1
CNA
ciscoios
16.12.1s
CNA
ciscoios
16.12.1a
CNA
ciscoios
16.12.1c
CNA
ciscoios
16.12.1w
CNA
ciscoios
16.12.2
CNA
ciscoios
16.12.1y
CNA
ciscoios
16.12.2a
CNA
ciscoios
16.12.3
CNA
ciscoios
16.12.8
CNA
ciscoios
16.12.2s
CNA
ciscoios
16.12.1x
CNA
ciscoios
16.12.1t
CNA
ciscoios
16.12.4
CNA
ciscoios
16.12.3s
CNA
ciscoios
16.12.3a
CNA
ciscoios
16.12.4a
CNA
ciscoios
16.12.5
CNA
ciscoios
16.12.6
CNA
ciscoios
16.12.1z1
CNA
ciscoios
16.12.5a
CNA
ciscoios
16.12.5b
CNA
ciscoios
16.12.1z2
CNA
ciscoios
16.12.6a
CNA
ciscoios
16.12.7
CNA
ciscoios
16.12.9
CNA
ciscoios
16.12.10
CNA
ciscoios
16.12.10a
CNA
ciscoios
16.12.11
CNA
ciscoios
16.12.12
CNA
ciscoios
16.12.13
CNA
ciscoios
3.11.0E
CNA
ciscoios
3.11.1E
CNA
ciscoios
3.11.2E
CNA
ciscoios
3.11.3E
CNA
ciscoios
3.11.4E
CNA
ciscoios
3.11.5E
CNA
ciscoios
3.11.6E
CNA
ciscoios
3.11.7E
CNA
ciscoios
3.11.8E
CNA
ciscoios
3.11.9E
CNA
ciscoios
3.11.10E
CNA
ciscoios
3.11.11E
CNA
ciscoios
3.11.12E
CNA
ciscoios
17.1.1
CNA
ciscoios
17.1.1a
CNA
ciscoios
17.1.1s
CNA
ciscoios
17.1.1t
CNA
ciscoios
17.1.3
CNA
ciscoios
17.2.1
CNA
ciscoios
17.2.1r
CNA
ciscoios
17.2.1a
CNA
ciscoios
17.2.1v
CNA
ciscoios
17.2.2
CNA
ciscoios
17.2.3
CNA
ciscoios
17.3.1
CNA
ciscoios
17.3.2
CNA
ciscoios
17.3.3
CNA
ciscoios
17.3.1a
CNA
ciscoios
17.3.1w
CNA
ciscoios
17.3.2a
CNA
ciscoios
17.3.1x
CNA
ciscoios
17.3.1z
CNA
ciscoios
17.3.4
CNA
ciscoios
17.3.5
CNA
ciscoios
17.3.4a
CNA
ciscoios
17.3.6
CNA
ciscoios
17.3.4b
CNA
ciscoios
17.3.4c
CNA
ciscoios
17.3.5a
CNA
ciscoios
17.3.5b
CNA
ciscoios
17.3.7
CNA
ciscoios
17.3.8
CNA
ciscoios
17.3.8a
CNA
ciscoios
17.4.1
CNA
ciscoios
17.4.2
CNA
ciscoios
17.4.1a
CNA
ciscoios
17.4.1b
CNA
ciscoios
17.4.2a
CNA
ciscoios
17.5.1
CNA
ciscoios
17.5.1a
CNA
ciscoios
17.6.1
CNA
ciscoios
17.6.2
CNA
ciscoios
17.6.1w
CNA
ciscoios
17.6.1a
CNA
ciscoios
17.6.1x
CNA
ciscoios
17.6.3
CNA
ciscoios
17.6.1y
CNA
ciscoios
17.6.1z
CNA
ciscoios
17.6.3a
CNA
ciscoios
17.6.4
CNA
ciscoios
17.6.1z1
CNA
ciscoios
17.6.5
CNA
ciscoios
17.6.6
CNA
ciscoios
17.6.6a
CNA
ciscoios
17.6.5a
CNA
ciscoios
17.6.7
CNA
ciscoios
17.6.8
CNA
ciscoios
17.6.8a
CNA
ciscoios
17.7.1
CNA
ciscoios
17.7.1a
CNA
ciscoios
17.7.1b
CNA
ciscoios
17.7.2
CNA
ciscoios
17.10.1
CNA
ciscoios
17.10.1a
CNA
ciscoios
17.10.1b
CNA
ciscoios
17.8.1
CNA
ciscoios
17.8.1a
CNA
ciscoios
17.9.1
CNA
ciscoios
17.9.1w
CNA
ciscoios
17.9.2
CNA
ciscoios
17.9.1a
CNA
ciscoios
17.9.1x
CNA
ciscoios
17.9.1y
CNA
ciscoios
17.9.3
CNA
ciscoios
17.9.2a
CNA
ciscoios
17.9.1x1
CNA
ciscoios
17.9.3a
CNA
ciscoios
17.9.4
CNA
ciscoios
17.9.1y1
CNA
ciscoios
17.9.5
CNA
ciscoios
17.9.4a
CNA
ciscoios
17.9.5a
CNA
ciscoios
17.9.5b
CNA
ciscoios
17.9.6
CNA
ciscoios
17.9.6a
CNA
ciscoios
17.9.7
CNA
ciscoios
17.9.5e
CNA
ciscoios
17.9.5f
CNA
ciscoios
17.9.7a
CNA
ciscoios
17.9.7b
CNA
ciscoios
17.11.1
CNA
ciscoios
17.11.1a
CNA
ciscoios
17.12.1
CNA
ciscoios
17.12.1w
CNA
ciscoios
17.12.1a
CNA
ciscoios
17.12.1x
CNA
ciscoios
17.12.2
CNA
ciscoios
17.12.3
CNA
ciscoios
17.12.2a
CNA
ciscoios
17.12.1y
CNA
ciscoios
17.12.1z
CNA
ciscoios
17.12.4
CNA
ciscoios
17.12.3a
CNA
ciscoios
17.12.1z1
CNA
ciscoios
17.12.1z2
CNA
ciscoios
17.12.4a
CNA
ciscoios
17.12.5
CNA
ciscoios
17.12.4b
CNA
ciscoios
17.12.1z3
CNA
ciscoios
17.12.5a
CNA
ciscoios
17.12.1z4
CNA
ciscoios
17.12.5b
CNA
ciscoios
17.12.5c
CNA
ciscoios
17.13.1
CNA
ciscoios
17.13.1a
CNA
ciscoios
17.14.1
CNA
ciscoios
17.14.1a
CNA
ciscoios
17.15.1
CNA
ciscoios
17.15.1w
CNA
ciscoios
17.15.1a
CNA
ciscoios
17.15.2
CNA
ciscoios
17.15.1b
CNA
ciscoios
17.15.1x
CNA
ciscoios
17.15.3
CNA
ciscoios
17.15.2c
CNA
ciscoios
17.15.2a
CNA
ciscoios
17.15.1y
CNA
ciscoios
17.15.2b
CNA
ciscoios
17.15.3a
CNA
ciscoios
17.15.3b
CNA
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJw