CWE-141
AllowedImproper Neutralization of Parameter/Argument Delimiters
Abstraction: Variant · Status: Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.
15 vulnerabilities reference this CWE, most recent first.
CVE-2026-56813 (GCVE-0-2026-56813)
Vulnerability from cvelistv5 – Published: 2026-07-10 12:51 – Updated: 2026-07-10 14:45- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
| URL | Tags |
|---|---|
| https://github.com/elixir-plug/plug/security/advi… | vendor-advisoryrelated |
| https://cna.erlef.org/cves/CVE-2026-56813.html | related |
| https://osv.dev/vulnerability/EEF-CVE-2026-56813 | related |
| https://github.com/elixir-plug/plug/commit/c65758… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| elixir-plug | plug |
Affected:
0.1.0 , < 1.16.6
(semver)
Affected: 1.17.0 , < 1.17.4 (semver) Affected: 1.18.0 , < 1.18.5 (semver) Affected: 1.19.0 , < 1.19.5 (semver) Affected: 1.20.0 , < 1.20.3 (semver) cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:* |
|
| elixir-plug | plug |
Affected:
f26876aa67aaeb38e616638aa3efbcc2fe2906a5 , < *
(git)
cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T14:43:36.298825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T14:43:45.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.hex.pm",
"cpes": [
"cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"\u0027Elixir.Plug.Conn.Cookies\u0027",
"\u0027Elixir.Plug.Conn\u0027"
],
"packageName": "plug",
"packageURL": "pkg:hex/plug",
"product": "plug",
"programFiles": [
"lib/plug/conn/cookies.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Plug.Conn.Cookies\u0027:encode/2"
},
{
"name": "\u0027Elixir.Plug.Conn\u0027:put_resp_cookie/4"
}
],
"repo": "https://github.com/elixir-plug/plug",
"vendor": "elixir-plug",
"versions": [
{
"lessThan": "1.16.6",
"status": "affected",
"version": "0.1.0",
"versionType": "semver"
},
{
"lessThan": "1.17.4",
"status": "affected",
"version": "1.17.0",
"versionType": "semver"
},
{
"lessThan": "1.18.5",
"status": "affected",
"version": "1.18.0",
"versionType": "semver"
},
{
"lessThan": "1.19.5",
"status": "affected",
"version": "1.19.0",
"versionType": "semver"
},
{
"lessThan": "1.20.3",
"status": "affected",
"version": "1.20.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"\u0027Elixir.Plug.Conn.Cookies\u0027",
"\u0027Elixir.Plug.Conn\u0027"
],
"packageName": "elixir-plug/plug",
"packageURL": "pkg:github/elixir-plug/plug",
"product": "plug",
"programFiles": [
"lib/plug/conn/cookies.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Plug.Conn.Cookies\u0027:encode/2"
},
{
"name": "\u0027Elixir.Plug.Conn\u0027:put_resp_cookie/4"
}
],
"repo": "https://github.com/elixir-plug/plug",
"vendor": "elixir-plug",
"versions": [
{
"changes": [
{
"at": "3f00dfad4e20ba88472e315c90a25742bf178f8e",
"status": "unaffected"
},
{
"at": "a6d1248659022749869963fd302687165ecf8c8b",
"status": "unaffected"
},
{
"at": "4167981747fe9ce75f374b94a28861ae950ea992",
"status": "unaffected"
},
{
"at": "149d9ed68fee0b4f77efd1e835ce5d785856697b",
"status": "unaffected"
},
{
"at": "eceb8315ce9a31ef784943a95a8624ebd1bc7e06",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "f26876aa67aaeb38e616638aa3efbcc2fe2906a5",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.16.6",
"versionStartIncluding": "0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17.4",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18.5",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.19.5",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.20.3",
"versionStartIncluding": "1.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Ullrich"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jos\u00e9 Valim"
},
{
"lang": "en",
"type": "analyst",
"value": "Jonatan M\u00e4nnchen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes.\u003c/p\u003e\u003cp\u003eThe \u003ctt\u003ePlug.Conn.Cookies.encode/2\u003c/tt\u003e function in \u003ctt\u003elib/plug/conn/cookies.ex\u003c/tt\u003e builds the \u003ctt\u003eSet-Cookie\u003c/tt\u003e response header by interpolating the cookie value and its \u003ctt\u003epath\u003c/tt\u003e, \u003ctt\u003edomain\u003c/tt\u003e, \u003ctt\u003esame_site\u003c/tt\u003e, and \u003ctt\u003eextra\u003c/tt\u003e attributes directly into the header without neutralizing the \u003ctt\u003e;\u003c/tt\u003e delimiter that separates cookie attributes.\u003c/p\u003e\u003cp\u003eAn application that places attacker-controlled data into a cookie value or attribute (for example via \u003ctt\u003ePlug.Conn.put_resp_cookie/4\u003c/tt\u003e when reflecting a username or preference) lets an attacker inject a \u003ctt\u003e;\u003c/tt\u003e to append or override cookie attributes (such as \u003ctt\u003eDomain\u003c/tt\u003e and \u003ctt\u003ePath\u003c/tt\u003e scope, or dropping the \u003ctt\u003eSecure\u003c/tt\u003e and \u003ctt\u003eHttpOnly\u003c/tt\u003e flags), enabling cookie tossing and session fixation. Carriage return, line feed, and null bytes are rejected by \u003ctt\u003ePlug.Conn\u003c/tt\u003e header validation, so HTTP response splitting is not possible, but attribute injection through \u003ctt\u003e;\u003c/tt\u003e is not prevented.\u003c/p\u003e\u003cp\u003eThis issue affects plug: from 0.1.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, from 1.20.0 before 1.20.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes.\n\nThe Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value and its path, domain, same_site, and extra attributes directly into the header without neutralizing the \u0027;\u0027 delimiter that separates cookie attributes.\n\nAn application that places attacker-controlled data into a cookie value or attribute (for example via Plug.Conn.put_resp_cookie/4 when reflecting a username or preference) lets an attacker inject a \u0027;\u0027 to append or override cookie attributes (such as Domain and Path scope, or dropping the Secure and HttpOnly flags), enabling cookie tossing and session fixation. Carriage return, line feed, and null bytes are rejected by Plug.Conn header validation, so HTTP response splitting is not possible, but attribute injection through \u0027;\u0027 is not prevented.\n\nThis issue affects plug: from 0.1.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, from 1.20.0 before 1.20.3."
}
],
"impacts": [
{
"capecId": "CAPEC-61",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-61 Session Fixation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T14:45:34.174Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory",
"related"
],
"url": "https://github.com/elixir-plug/plug/security/advisories/GHSA-wpmj-jh88-rpgm"
},
{
"tags": [
"related"
],
"url": "https://cna.erlef.org/cves/CVE-2026-56813.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-56813"
},
{
"tags": [
"patch"
],
"url": "https://github.com/elixir-plug/plug/commit/c6575800b2c4e15af1904df87522ca8a23da020c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cookie attribute injection in Plug.Conn.Cookies.encode/2",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eValidate or reject the \u003ctt\u003e;\u003c/tt\u003e delimiter in any untrusted data before passing it as a cookie value or attribute to \u003ctt\u003ePlug.Conn.put_resp_cookie/4\u003c/tt\u003e or \u003ctt\u003ePlug.Conn.Cookies.encode/2\u003c/tt\u003e. Carriage return, line feed, and null bytes are already rejected by \u003ctt\u003ePlug.Conn\u003c/tt\u003e header validation.\u003c/p\u003e"
}
],
"value": "Validate or reject the \u0027;\u0027 delimiter in any untrusted data before passing it as a cookie value or attribute to Plug.Conn.put_resp_cookie/4 or Plug.Conn.Cookies.encode/2. Carriage return, line feed, and null bytes are already rejected by Plug.Conn header validation."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-56813",
"datePublished": "2026-07-10T12:51:08.758Z",
"dateReserved": "2026-06-23T12:29:02.507Z",
"dateUpdated": "2026-07-10T14:45:34.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31329 (GCVE-0-2025-31329)
Vulnerability from cvelistv5 – Published: 2025-05-13 00:16 – Updated: 2025-05-13 13:55- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server ABAP and ABAP Platform |
Affected:
SAP_BASIS 700
Affected: SAP_BASIS 701 Affected: SAP_BASIS 702 Affected: SAP_BASIS 731 Affected: SAP_BASIS 740 Affected: SAP_BASIS 750 Affected: SAP_BASIS 751 Affected: SAP_BASIS 752 Affected: SAP_BASIS 753 Affected: SAP_BASIS 754 Affected: SAP_BASIS 755 Affected: SAP_BASIS 756 Affected: SAP_BASIS 757 Affected: SAP_BASIS 758 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:55:50.794345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:55:58.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_BASIS 700"
},
{
"status": "affected",
"version": "SAP_BASIS 701"
},
{
"status": "affected",
"version": "SAP_BASIS 702"
},
{
"status": "affected",
"version": "SAP_BASIS 731"
},
{
"status": "affected",
"version": "SAP_BASIS 740"
},
{
"status": "affected",
"version": "SAP_BASIS 750"
},
{
"status": "affected",
"version": "SAP_BASIS 751"
},
{
"status": "affected",
"version": "SAP_BASIS 752"
},
{
"status": "affected",
"version": "SAP_BASIS 753"
},
{
"status": "affected",
"version": "SAP_BASIS 754"
},
{
"status": "affected",
"version": "SAP_BASIS 755"
},
{
"status": "affected",
"version": "SAP_BASIS 756"
},
{
"status": "affected",
"version": "SAP_BASIS 757"
},
{
"status": "affected",
"version": "SAP_BASIS 758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T00:17:19.984Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3577287"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-31329",
"datePublished": "2025-05-13T00:16:51.190Z",
"dateReserved": "2025-03-27T23:02:06.906Z",
"dateUpdated": "2025-05-13T13:55:58.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20338 (GCVE-0-2025-20338)
Vulnerability from cvelistv5 – Published: 2025-09-24 17:14 – Updated: 2026-02-26 17:48- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
3.5.0E
Affected: 3.5.1E Affected: 3.5.2E Affected: 3.5.3E Affected: 3.11.1S Affected: 3.11.2S Affected: 3.11.0S Affected: 3.11.3S Affected: 3.11.4S Affected: 3.12.0S Affected: 3.12.1S Affected: 3.12.2S Affected: 3.12.3S Affected: 3.12.0aS Affected: 3.12.4S Affected: 3.13.0S Affected: 3.13.1S Affected: 3.13.2S Affected: 3.13.3S Affected: 3.13.4S Affected: 3.13.5S Affected: 3.13.2aS Affected: 3.13.0aS Affected: 3.13.5aS Affected: 3.13.6S Affected: 3.13.7S Affected: 3.13.6aS Affected: 3.13.7aS Affected: 3.13.8S Affected: 3.13.9S Affected: 3.13.10S Affected: 3.6.0E Affected: 3.6.1E Affected: 3.6.2aE Affected: 3.6.2E Affected: 3.6.3E Affected: 3.6.4E Affected: 3.6.5E Affected: 3.6.6E Affected: 3.6.5aE Affected: 3.6.7E Affected: 3.6.8E Affected: 3.6.7bE Affected: 3.6.9E Affected: 3.6.10E Affected: 3.14.0S Affected: 3.14.1S Affected: 3.14.2S Affected: 3.14.3S Affected: 3.14.4S Affected: 3.15.0S Affected: 3.15.1S Affected: 3.15.2S Affected: 3.15.1cS Affected: 3.15.3S Affected: 3.15.4S Affected: 3.7.0E Affected: 3.7.1E Affected: 3.7.2E Affected: 3.7.3E Affected: 3.7.4E Affected: 3.7.5E Affected: 3.5.0SQ Affected: 3.5.1SQ Affected: 3.5.2SQ Affected: 3.5.3SQ Affected: 3.5.4SQ Affected: 3.5.5SQ Affected: 3.5.6SQ Affected: 3.5.7SQ Affected: 3.5.8SQ Affected: 3.16.0S Affected: 3.16.1S Affected: 3.16.1aS Affected: 3.16.2S Affected: 3.16.2aS Affected: 3.16.0cS Affected: 3.16.3S Affected: 3.16.2bS Affected: 3.16.3aS Affected: 3.16.4S Affected: 3.16.4aS Affected: 3.16.4bS Affected: 3.16.5S Affected: 3.16.4dS Affected: 3.16.6S Affected: 3.16.7S Affected: 3.16.6bS Affected: 3.16.7aS Affected: 3.16.7bS Affected: 3.16.8S Affected: 3.16.9S Affected: 3.16.10S Affected: 3.17.0S Affected: 3.17.1S Affected: 3.17.2S Affected: 3.17.1aS Affected: 3.17.3S Affected: 3.17.4S Affected: 3.8.0E Affected: 3.8.1E Affected: 3.8.2E Affected: 3.8.3E Affected: 3.8.4E Affected: 3.8.5E Affected: 3.8.5aE Affected: 3.8.6E Affected: 3.8.7E Affected: 3.8.8E Affected: 3.8.9E Affected: 3.8.10E Affected: 3.8.10eE Affected: 3.18.0aS Affected: 3.18.0S Affected: 3.18.1S Affected: 3.18.2S Affected: 3.18.3S Affected: 3.18.4S Affected: 3.18.0SP Affected: 3.18.1SP Affected: 3.18.1aSP Affected: 3.18.1bSP Affected: 3.18.1cSP Affected: 3.18.2SP Affected: 3.18.2aSP Affected: 3.18.3SP Affected: 3.18.4SP Affected: 3.18.3aSP Affected: 3.18.3bSP Affected: 3.18.5SP Affected: 3.18.6SP Affected: 3.18.7SP Affected: 3.18.8aSP Affected: 3.18.9SP Affected: 3.9.0E Affected: 3.9.1E Affected: 3.9.2E Affected: 16.6.1 Affected: 16.6.2 Affected: 16.6.3 Affected: 16.6.4 Affected: 16.6.5 Affected: 16.6.4a Affected: 16.6.5a Affected: 16.6.6 Affected: 16.6.7 Affected: 16.6.8 Affected: 16.6.9 Affected: 16.6.10 Affected: 16.7.1 Affected: 16.7.1a Affected: 16.7.1b Affected: 16.7.2 Affected: 16.7.3 Affected: 16.7.4 Affected: 16.8.1 Affected: 16.8.1a Affected: 16.8.1b Affected: 16.8.1s Affected: 16.8.1c Affected: 16.8.1d Affected: 16.8.2 Affected: 16.8.1e Affected: 16.8.3 Affected: 16.9.1 Affected: 16.9.2 Affected: 16.9.1a Affected: 16.9.1b Affected: 16.9.1s Affected: 16.9.3 Affected: 16.9.4 Affected: 16.9.3a Affected: 16.9.5 Affected: 16.9.5f Affected: 16.9.6 Affected: 16.9.7 Affected: 16.9.8 Affected: 16.10.1 Affected: 16.10.1a Affected: 16.10.1b Affected: 16.10.1s Affected: 16.10.1c Affected: 16.10.1e Affected: 16.10.1d Affected: 16.10.2 Affected: 16.10.1f Affected: 16.10.1g Affected: 16.10.3 Affected: 3.10.0E Affected: 3.10.1E Affected: 3.10.0cE Affected: 3.10.2E Affected: 3.10.3E Affected: 16.11.1 Affected: 16.11.1a Affected: 16.11.1b Affected: 16.11.2 Affected: 16.11.1s Affected: 16.12.1 Affected: 16.12.1s Affected: 16.12.1a Affected: 16.12.1c Affected: 16.12.1w Affected: 16.12.2 Affected: 16.12.1y Affected: 16.12.2a Affected: 16.12.3 Affected: 16.12.8 Affected: 16.12.2s Affected: 16.12.1x Affected: 16.12.1t Affected: 16.12.4 Affected: 16.12.3s Affected: 16.12.3a Affected: 16.12.4a Affected: 16.12.5 Affected: 16.12.6 Affected: 16.12.1z1 Affected: 16.12.5a Affected: 16.12.5b Affected: 16.12.1z2 Affected: 16.12.6a Affected: 16.12.7 Affected: 16.12.9 Affected: 16.12.10 Affected: 16.12.10a Affected: 16.12.11 Affected: 16.12.12 Affected: 16.12.13 Affected: 3.11.0E Affected: 3.11.1E Affected: 3.11.2E Affected: 3.11.3E Affected: 3.11.1aE Affected: 3.11.4E Affected: 3.11.3aE Affected: 3.11.5E Affected: 3.11.6E Affected: 3.11.7E Affected: 3.11.8E Affected: 3.11.9E Affected: 3.11.10E Affected: 3.11.11E Affected: 3.11.12E Affected: 17.1.1 Affected: 17.1.1a Affected: 17.1.1s Affected: 17.1.1t Affected: 17.1.3 Affected: 17.2.1 Affected: 17.2.1r Affected: 17.2.1a Affected: 17.2.1v Affected: 17.2.2 Affected: 17.2.3 Affected: 17.3.1 Affected: 17.3.2 Affected: 17.3.3 Affected: 17.3.1a Affected: 17.3.1w Affected: 17.3.2a Affected: 17.3.1x Affected: 17.3.1z Affected: 17.3.4 Affected: 17.3.5 Affected: 17.3.4a Affected: 17.3.6 Affected: 17.3.4b Affected: 17.3.4c Affected: 17.3.5a Affected: 17.3.5b Affected: 17.3.7 Affected: 17.3.8 Affected: 17.3.8a Affected: 17.4.1 Affected: 17.4.2 Affected: 17.4.1a Affected: 17.4.1b Affected: 17.4.2a Affected: 17.5.1 Affected: 17.5.1a Affected: 17.6.1 Affected: 17.6.2 Affected: 17.6.1w Affected: 17.6.1a Affected: 17.6.1x Affected: 17.6.3 Affected: 17.6.1y Affected: 17.6.1z Affected: 17.6.3a Affected: 17.6.4 Affected: 17.6.1z1 Affected: 17.6.5 Affected: 17.6.6 Affected: 17.6.6a Affected: 17.6.5a Affected: 17.6.7 Affected: 17.6.8 Affected: 17.6.8a Affected: 17.7.1 Affected: 17.7.1a Affected: 17.7.1b Affected: 17.7.2 Affected: 17.10.1 Affected: 17.10.1a Affected: 17.10.1b Affected: 17.8.1 Affected: 17.8.1a Affected: 17.9.1 Affected: 17.9.1w Affected: 17.9.2 Affected: 17.9.1a Affected: 17.9.1x Affected: 17.9.1y Affected: 17.9.3 Affected: 17.9.2a Affected: 17.9.1x1 Affected: 17.9.3a Affected: 17.9.4 Affected: 17.9.1y1 Affected: 17.9.5 Affected: 17.9.4a Affected: 17.9.5a Affected: 17.9.5b Affected: 17.9.6 Affected: 17.9.6a Affected: 17.9.7 Affected: 17.9.5e Affected: 17.9.5f Affected: 17.9.7a Affected: 17.9.7b Affected: 17.11.1 Affected: 17.11.1a Affected: 17.12.1 Affected: 17.12.1w Affected: 17.12.1a Affected: 17.12.1x Affected: 17.12.2 Affected: 17.12.3 Affected: 17.12.2a Affected: 17.12.1y Affected: 17.12.1z Affected: 17.12.4 Affected: 17.12.3a Affected: 17.12.1z1 Affected: 17.12.1z2 Affected: 17.12.4a Affected: 17.12.5 Affected: 17.12.4b Affected: 17.12.1z3 Affected: 17.12.5a Affected: 17.12.1z4 Affected: 17.12.5b Affected: 17.12.5c Affected: 17.13.1 Affected: 17.13.1a Affected: 17.14.1 Affected: 17.14.1a Affected: 17.15.1 Affected: 17.15.1w Affected: 17.15.1a Affected: 17.15.2 Affected: 17.15.1b Affected: 17.15.1x Affected: 17.15.1z Affected: 17.15.3 Affected: 17.15.2c Affected: 17.15.2a Affected: 17.15.1y Affected: 17.15.2b Affected: 17.15.3a Affected: 17.15.3b Affected: 17.16.1 Affected: 17.16.1a |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T03:55:59.851418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:00.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.0aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.13.10S"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.5.0SQ"
},
{
"status": "affected",
"version": "3.5.1SQ"
},
{
"status": "affected",
"version": "3.5.2SQ"
},
{
"status": "affected",
"version": "3.5.3SQ"
},
{
"status": "affected",
"version": "3.5.4SQ"
},
{
"status": "affected",
"version": "3.5.5SQ"
},
{
"status": "affected",
"version": "3.5.6SQ"
},
{
"status": "affected",
"version": "3.5.7SQ"
},
{
"status": "affected",
"version": "3.5.8SQ"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.16.8S"
},
{
"status": "affected",
"version": "3.16.9S"
},
{
"status": "affected",
"version": "3.16.10S"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "3.8.7E"
},
{
"status": "affected",
"version": "3.8.8E"
},
{
"status": "affected",
"version": "3.8.9E"
},
{
"status": "affected",
"version": "3.8.10E"
},
{
"status": "affected",
"version": "3.8.10eE"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "3.18.6SP"
},
{
"status": "affected",
"version": "3.18.7SP"
},
{
"status": "affected",
"version": "3.18.8aSP"
},
{
"status": "affected",
"version": "3.18.9SP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.5"
},
{
"status": "affected",
"version": "16.6.4a"
},
{
"status": "affected",
"version": "16.6.5a"
},
{
"status": "affected",
"version": "16.6.6"
},
{
"status": "affected",
"version": "16.6.7"
},
{
"status": "affected",
"version": "16.6.8"
},
{
"status": "affected",
"version": "16.6.9"
},
{
"status": "affected",
"version": "16.6.10"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.7.3"
},
{
"status": "affected",
"version": "16.7.4"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.8.1e"
},
{
"status": "affected",
"version": "16.8.3"
},
{
"status": "affected",
"version": "16.9.1"
},
{
"status": "affected",
"version": "16.9.2"
},
{
"status": "affected",
"version": "16.9.1a"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.3"
},
{
"status": "affected",
"version": "16.9.4"
},
{
"status": "affected",
"version": "16.9.3a"
},
{
"status": "affected",
"version": "16.9.5"
},
{
"status": "affected",
"version": "16.9.5f"
},
{
"status": "affected",
"version": "16.9.6"
},
{
"status": "affected",
"version": "16.9.7"
},
{
"status": "affected",
"version": "16.9.8"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "16.10.1a"
},
{
"status": "affected",
"version": "16.10.1b"
},
{
"status": "affected",
"version": "16.10.1s"
},
{
"status": "affected",
"version": "16.10.1c"
},
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1d"
},
{
"status": "affected",
"version": "16.10.2"
},
{
"status": "affected",
"version": "16.10.1f"
},
{
"status": "affected",
"version": "16.10.1g"
},
{
"status": "affected",
"version": "16.10.3"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.2E"
},
{
"status": "affected",
"version": "3.10.3E"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.11.2"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "16.12.1c"
},
{
"status": "affected",
"version": "16.12.1w"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "16.12.1y"
},
{
"status": "affected",
"version": "16.12.2a"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1x"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.3a"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.1z1"
},
{
"status": "affected",
"version": "16.12.5a"
},
{
"status": "affected",
"version": "16.12.5b"
},
{
"status": "affected",
"version": "16.12.1z2"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.9"
},
{
"status": "affected",
"version": "16.12.10"
},
{
"status": "affected",
"version": "16.12.10a"
},
{
"status": "affected",
"version": "16.12.11"
},
{
"status": "affected",
"version": "16.12.12"
},
{
"status": "affected",
"version": "16.12.13"
},
{
"status": "affected",
"version": "3.11.0E"
},
{
"status": "affected",
"version": "3.11.1E"
},
{
"status": "affected",
"version": "3.11.2E"
},
{
"status": "affected",
"version": "3.11.3E"
},
{
"status": "affected",
"version": "3.11.1aE"
},
{
"status": "affected",
"version": "3.11.4E"
},
{
"status": "affected",
"version": "3.11.3aE"
},
{
"status": "affected",
"version": "3.11.5E"
},
{
"status": "affected",
"version": "3.11.6E"
},
{
"status": "affected",
"version": "3.11.7E"
},
{
"status": "affected",
"version": "3.11.8E"
},
{
"status": "affected",
"version": "3.11.9E"
},
{
"status": "affected",
"version": "3.11.10E"
},
{
"status": "affected",
"version": "3.11.11E"
},
{
"status": "affected",
"version": "3.11.12E"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1a"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.3.8"
},
{
"status": "affected",
"version": "17.3.8a"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.6.7"
},
{
"status": "affected",
"version": "17.6.8"
},
{
"status": "affected",
"version": "17.6.8a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.9.6"
},
{
"status": "affected",
"version": "17.9.6a"
},
{
"status": "affected",
"version": "17.9.7"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.9.5f"
},
{
"status": "affected",
"version": "17.9.7a"
},
{
"status": "affected",
"version": "17.9.7b"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1w"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.1x"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.12.1y"
},
{
"status": "affected",
"version": "17.12.1z"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.12.1z1"
},
{
"status": "affected",
"version": "17.12.1z2"
},
{
"status": "affected",
"version": "17.12.4a"
},
{
"status": "affected",
"version": "17.12.5"
},
{
"status": "affected",
"version": "17.12.4b"
},
{
"status": "affected",
"version": "17.12.1z3"
},
{
"status": "affected",
"version": "17.12.5a"
},
{
"status": "affected",
"version": "17.12.1z4"
},
{
"status": "affected",
"version": "17.12.5b"
},
{
"status": "affected",
"version": "17.12.5c"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.14.1"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.15.1"
},
{
"status": "affected",
"version": "17.15.1w"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.15.2"
},
{
"status": "affected",
"version": "17.15.1b"
},
{
"status": "affected",
"version": "17.15.1x"
},
{
"status": "affected",
"version": "17.15.1z"
},
{
"status": "affected",
"version": "17.15.3"
},
{
"status": "affected",
"version": "17.15.2c"
},
{
"status": "affected",
"version": "17.15.2a"
},
{
"status": "affected",
"version": "17.15.1y"
},
{
"status": "affected",
"version": "17.15.2b"
},
{
"status": "affected",
"version": "17.15.3a"
},
{
"status": "affected",
"version": "17.15.3b"
},
{
"status": "affected",
"version": "17.16.1"
},
{
"status": "affected",
"version": "17.16.1a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:14:57.638Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxe-arg-inject-EyDDbh4e",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4e"
}
],
"source": {
"advisory": "cisco-sa-iosxe-arg-inject-EyDDbh4e",
"defects": [
"CSCwm41327"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20338",
"datePublished": "2025-09-24T17:14:57.638Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2026-02-26T17:48:00.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0840 (GCVE-0-2024-0840)
Vulnerability from cvelistv5 – Published: 2024-04-29 18:42 – Updated: 2024-08-01 18:18- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
| Vendor | Product | Version | |
|---|---|---|---|
| Grandstream | UCM Series |
Affected:
0 , < <1.0.20.52
(custom)
|
|
| grandstream | ucm6202_firmware |
Affected:
0 , < 1.0.20.52
(custom)
cpe:2.3:a:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:* |
|
| grandstream | ucm6204_firmware |
Affected:
0 , < 1.0.20.52
(custom)
cpe:2.3:a:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:* |
|
| grandstream | ucm6208_firmware |
Affected:
0 , < 1.0.20.52
(custom)
cpe:2.3:a:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:* |
|
| grandstream | ucm6510_firmware |
Affected:
0 , < 1.0.20.52
(custom)
cpe:2.3:a:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6202_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6204_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6208_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6510_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T19:17:53.854809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:09:24.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UCM Series",
"vendor": "Grandstream",
"versions": [
{
"lessThan": "\u003c1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines (VulnCheck)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\u003cbr\u003e"
}
],
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T18:42:57.112Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\u003cbr\u003e"
}
],
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-25T17:00:00.000Z",
"value": "VulnCheck reports the vulnerability to Grandstream"
},
{
"lang": "en",
"time": "2024-01-26T02:00:00.000Z",
"value": "Grandstream acknowledges receipt"
},
{
"lang": "en",
"time": "2024-02-08T04:42:00.000Z",
"value": "Grandstream shares a patch build"
},
{
"lang": "en",
"time": "2024-04-26T04:11:00.000Z",
"value": "Grandstream releases 1.0.20.52"
}
],
"title": "Grandstream UCM Series IP PBX HTTP Parameter Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0840",
"datePublished": "2024-04-29T18:42:57.112Z",
"dateReserved": "2024-01-23T21:10:19.364Z",
"dateUpdated": "2024-08-01T18:18:18.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41665 (GCVE-0-2022-41665)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2025-12-09 10:44- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SICAM P850 |
Affected:
All versions < V3.10
|
|
| Siemens | SICAM P855 |
Affected:
All versions < V3.10
|
|
| Siemens | SICAM T |
Affected:
0 , < V3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:10:56.862942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:48:05.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM T",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions \u003c V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions \u003c V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions \u003c V3.10), SICAM T (All versions \u003c V3.0). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T10:44:04.904Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-572005.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-471761.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-41665",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-09-27T00:00:00.000Z",
"dateUpdated": "2025-12-09T10:44:04.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-29873 (GCVE-0-2022-29873)
Vulnerability from cvelistv5 – Published: 2022-05-10 09:47 – Updated: 2025-12-09 10:33- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SICAM T",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM T (All versions \u003c V3.0). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T10:33:57.754Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-165073.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-471761.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29873",
"datePublished": "2022-05-10T09:47:16.000Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-12-09T10:33:57.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-29872 (GCVE-0-2022-29872)
Vulnerability from cvelistv5 – Published: 2022-05-10 09:47 – Updated: 2025-12-09 10:32- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SICAM T",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM T (All versions \u003c V3.0). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T10:32:44.196Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-165073.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-471761.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29872",
"datePublished": "2022-05-10T09:47:15.000Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-12-09T10:32:44.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-7868 (GCVE-0-2020-7868)
Vulnerability from cvelistv5 – Published: 2021-06-29 13:39 – Updated: 2024-08-04 09:41- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
| URL | Tags |
|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "helpu.ocx",
"vendor": "HelpU",
"versions": [
{
"lessThanOrEqual": "2020.06.27",
"status": "affected",
"version": "2020.6.27.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T13:39:21.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Helpu remote code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7868",
"STATE": "PUBLIC",
"TITLE": "Helpu remote code execution vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "helpu.ocx",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "2020.6.27.1",
"version_value": "2020.06.27"
}
]
}
}
]
},
"vendor_name": "HelpU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7868",
"datePublished": "2021-06-29T13:39:21.000Z",
"dateReserved": "2020-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:41:01.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-5GJP-3Q99-VXX5
Vulnerability from github – Published: 2025-09-24 18:30 – Updated: 2025-09-24 18:30A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.
{
"affected": [],
"aliases": [
"CVE-2025-20338"
],
"database_specific": {
"cwe_ids": [
"CWE-141"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T18:15:36Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.\n\n This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.",
"id": "GHSA-5gjp-3q99-vxx5",
"modified": "2025-09-24T18:30:31Z",
"published": "2025-09-24T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20338"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5X6Q-C4XG-H54M
Vulnerability from github – Published: 2025-05-13 03:31 – Updated: 2025-05-13 03:31SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
{
"affected": [],
"aliases": [
"CVE-2025-31329"
],
"database_specific": {
"cwe_ids": [
"CWE-141"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T01:15:48Z",
"severity": "MODERATE"
},
"details": "SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.",
"id": "GHSA-5x6q-c4xg-h54m",
"modified": "2025-05-13T03:31:13Z",
"published": "2025-05-13T03:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31329"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3577287"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Developers should anticipate that parameter/argument delimiters will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-28
Strategy: Output Encoding
While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).
Mitigation MIT-20
Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.