CVE-2025-20160

Name of the Vulnerable Software and Affected Versions Cisco IOS Software and Cisco IOS XE Software (affected versions not specified)

Description A flaw exists in the implementation of the TACACS+ protocol that may allow a remote attacker to view sensitive data or bypass authentication. The issue arises because the system does not verify the configuration of the required TACACS+ shared secret. An attacker positioned between the communicating parties could intercept unencrypted TACACS+ messages or impersonate the TACACS+ server to falsely accept authentication requests. Successful exploitation could lead to the disclosure of sensitive information within TACACS+ messages or unauthorized access to the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.