A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication.

This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00146.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Cisco IOS affected
Version Status Constraints
15.2(6)E1 affected
15.2(4)E6 affected
15.2(6)E2 affected
15.2(4)E7 affected
15.2(7)E affected
15.2(4)E8 affected
15.2(6)E2a affected
15.2(6)E2b affected
15.2(7)E1 affected
15.2(7)E0a affected
15.2(7)E0b affected
15.2(7)E0s affected
15.2(6)E3 affected
15.2(4)E9 affected
15.2(7)E2 affected
15.2(7a)E0b affected
15.2(4)E10 affected
15.2(7)E3 affected
15.2(7)E1a affected
15.2(7b)E0b affected
15.2(7)E2a affected
15.2(4)E10a affected
15.2(7)E4 affected
15.2(7)E3k affected
15.2(8)E affected
15.2(8)E1 affected
15.2(7)E5 affected
15.2(7)E6 affected
15.2(8)E2 affected
15.2(4)E10d affected
15.2(7)E7 affected
15.2(8)E3 affected
15.2(7)E8 affected
15.2(8)E4 affected
15.2(7)E9 affected
15.2(8)E5 affected
15.2(8)E6 affected
15.2(7)E10 affected
15.2(7)E11 affected
15.2(8)E7 affected
15.2(7)E12 affected
15.5(3)S8 affected
15.5(3)S9 affected
15.5(3)S10 affected
15.5(3)S9a affected
15.2(6)EB affected
15.5(3)M7 affected
15.5(3)M8 affected
15.5(3)M9 affected
15.5(3)M10 affected
15.6(2)SP5 affected
15.6(2)SP6 affected
15.6(2)SP7 affected
15.6(2)SP8 affected
15.6(2)SP9 affected
15.6(3)M4 affected
15.6(3)M5 affected
15.6(3)M6 affected
15.6(3)M7 affected
15.6(3)M6a affected
15.6(3)M6b affected
15.6(3)M8 affected
15.6(3)M9 affected
15.5(1)SY2 affected
15.5(1)SY3 affected
15.5(1)SY4 affected
15.5(1)SY5 affected
15.5(1)SY6 affected
15.5(1)SY7 affected
15.5(1)SY8 affected
15.5(1)SY9 affected
15.5(1)SY10 affected
15.5(1)SY11 affected
15.5(1)SY12 affected
15.5(1)SY13 affected
15.5(1)SY14 affected
15.5(1)SY15 affected
15.7(3)M3 affected
15.7(3)M2 affected
15.7(3)M4 affected
15.7(3)M5 affected
15.7(3)M4a affected
15.7(3)M4b affected
15.7(3)M6 affected
15.7(3)M7 affected
15.7(3)M8 affected
15.7(3)M9 affected
15.8(3)M affected
15.8(3)M1 affected
15.8(3)M0a affected
15.8(3)M0b affected
15.8(3)M2 affected
15.8(3)M1a affected
15.8(3)M3 affected
15.8(3)M2a affected
15.8(3)M4 affected
15.8(3)M3a affected
15.8(3)M3b affected
15.8(3)M5 affected
15.8(3)M6 affected
15.8(3)M7 affected
15.8(3)M8 affected
15.8(3)M9 affected
15.9(3)M affected
15.9(3)M1 affected
15.9(3)M0a affected
15.9(3)M2 affected
15.9(3)M3 affected
15.9(3)M2a affected
15.9(3)M3a affected
15.9(3)M4 affected
15.9(3)M3b affected
15.9(3)M5 affected
15.9(3)M4a affected
15.9(3)M6 affected
15.9(3)M7 affected
15.9(3)M6a affected
15.9(3)M6b affected
15.9(3)M8 affected
15.9(3)M7a affected
15.9(3)M9 affected
15.9(3)M8b affected
15.9(3)M10 affected
15.9(3)M11 affected
Cisco Cisco IOS XE Software affected
Version Status Constraints
3.16.8S affected
3.16.9S affected
3.16.10S affected
3.8.6E affected
3.8.7E affected
3.8.8E affected
3.8.9E affected
3.8.10E affected
3.18.5SP affected
3.18.6SP affected
3.18.7SP affected
3.18.8aSP affected
3.18.9SP affected
16.6.5 affected
16.6.5a affected
16.6.6 affected
16.6.7 affected
16.6.8 affected
16.6.9 affected
16.6.10 affected
16.8.1 affected
16.8.1a affected
16.8.1b affected
16.8.1s affected
16.8.1c affected
16.8.1d affected
16.8.2 affected
16.8.1e affected
16.8.3 affected
16.9.1 affected
16.9.2 affected
16.9.1a affected
16.9.1b affected
16.9.1s affected
16.9.3 affected
16.9.4 affected
16.9.3a affected
16.9.5 affected
16.9.5f affected
16.9.6 affected
16.9.7 affected
16.9.8 affected
16.10.1 affected
16.10.1a affected
16.10.1b affected
16.10.1s affected
16.10.1c affected
16.10.1e affected
16.10.1d affected
16.10.2 affected
16.10.1f affected
16.10.1g affected
16.10.3 affected
3.10.1E affected
3.10.2E affected
3.10.3E affected
16.11.1 affected
16.11.1a affected
16.11.1b affected
16.11.2 affected
16.11.1s affected
16.12.1 affected
16.12.1s affected
16.12.1a affected
16.12.1c affected
16.12.1w affected
16.12.2 affected
16.12.1y affected
16.12.2a affected
16.12.3 affected
16.12.8 affected
16.12.2s affected
16.12.1x affected
16.12.1t affected
16.12.4 affected
16.12.3s affected
16.12.3a affected
16.12.4a affected
16.12.5 affected
16.12.6 affected
16.12.1z1 affected
16.12.5a affected
16.12.5b affected
16.12.1z2 affected
16.12.6a affected
16.12.7 affected
16.12.9 affected
16.12.10 affected
16.12.10a affected
16.12.11 affected
16.12.12 affected
16.12.13 affected
3.11.0E affected
3.11.1E affected
3.11.2E affected
3.11.3E affected
3.11.1aE affected
3.11.4E affected
3.11.3aE affected
3.11.5E affected
3.11.6E affected
3.11.7E affected
3.11.8E affected
3.11.9E affected
3.11.10E affected
3.11.11E affected
3.11.12E affected
17.1.1 affected
17.1.1a affected
17.1.1s affected
17.1.1t affected
17.1.3 affected
17.2.1 affected
17.2.1r affected
17.2.1a affected
17.2.1v affected
17.2.2 affected
17.2.3 affected
17.3.1 affected
17.3.2 affected
17.3.3 affected
17.3.1a affected
17.3.1w affected
17.3.2a affected
17.3.1x affected
17.3.1z affected
17.3.4 affected
17.3.5 affected
17.3.4a affected
17.3.6 affected
17.3.4b affected
17.3.4c affected
17.3.5a affected
17.3.5b affected
17.3.7 affected
17.3.8 affected
17.3.8a affected
17.4.1 affected
17.4.2 affected
17.4.1a affected
17.4.1b affected
17.4.2a affected
17.5.1 affected
17.5.1a affected
17.6.1 affected
17.6.2 affected
17.6.1w affected
17.6.1a affected
17.6.1x affected
17.6.3 affected
17.6.1y affected
17.6.1z affected
17.6.3a affected
17.6.4 affected
17.6.1z1 affected
17.6.5 affected
17.6.6 affected
17.6.6a affected
17.6.5a affected
17.6.7 affected
17.6.8 affected
17.6.8a affected
17.7.1 affected
17.7.1a affected
17.7.1b affected
17.7.2 affected
17.10.1 affected
17.10.1a affected
17.10.1b affected
17.8.1 affected
17.8.1a affected
17.9.1 affected
17.9.1w affected
17.9.2 affected
17.9.1a affected
17.9.1x affected
17.9.1y affected
17.9.3 affected
17.9.2a affected
17.9.1x1 affected
17.9.3a affected
17.9.4 affected
17.9.1y1 affected
17.9.5 affected
17.9.4a affected
17.9.5a affected
17.9.5b affected
17.9.6 affected
17.9.6a affected
17.9.7 affected
17.9.5e affected
17.9.5f affected
17.9.7a affected
17.9.7b affected
17.11.1 affected
17.11.1a affected
17.12.1 affected
17.12.1w affected
17.12.1a affected
17.12.1x affected
17.12.2 affected
17.12.3 affected
17.12.2a affected
17.12.1y affected
17.12.1z affected
17.12.4 affected
17.12.3a affected
17.12.1z1 affected
17.12.1z2 affected
17.12.4a affected
17.12.5 affected
17.12.4b affected
17.12.1z3 affected
17.12.5a affected
17.12.1z4 affected
17.12.5b affected
17.12.5c affected
17.13.1 affected
17.13.1a affected
17.14.1 affected
17.14.1a affected
17.11.99SW affected
17.15.1 affected
17.15.1w affected
17.15.1a affected
17.15.2 affected
17.15.1b affected
17.15.1x affected
17.15.3 affected
17.15.2c affected
17.15.2a affected
17.15.1y affected
17.15.2b affected
17.15.3a affected
17.15.3b affected

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Cisco Subscribe
Ios Subscribe
Ios Xe Software Subscribe

Project Subscriptions

Vendors Products
Cisco Subscribe
Ios Subscribe
Ios Xe Software Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2025-31035 A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJw cve-icon cve-icon
History

Thu, 25 Sep 2025 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ios
Cisco ios Xe Software
Vendors & Products Cisco
Cisco ios
Cisco ios Xe Software

Wed, 24 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 24 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device.
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-10-01T16:49:08.602Z

Reserved: 2024-10-10T19:15:13.217Z

Link: CVE-2025-20160

cve-icon Vulnrichment

Updated: 2025-09-24T18:15:00.659Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-24T18:15:34.100

Modified: 2025-09-26T14:32:53.583

Link: CVE-2025-20160

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-25T08:21:07Z

Weaknesses