Cisco Secure Network Analytics Manager API Authorization Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.5 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in the Cisco Secure Network Analytics Manager API, which could allow authenticated low-privileged users to generate fraudulent findings. Cisco has released updates to address this issue, but no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to create fraudulent findings. This vulnerability arises from insufficient authorization enforcement on a specific API. An attacker could exploit this by authenticating as a low-privileged user and making crafted API calls, potentially obfuscating legitimate findings in analytics reports or generating false alarms and alerts.
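The flaw class described above (an API that authenticates the caller but does not check what that caller is allowed to do), shown beside a deny-by-default fix. This is an added example, not Cisco code or code from the advisory; the role names, permission strings and function names are hypothetical.

```python
# Added illustration: a generic model of the flaw class, not Cisco code.
# All names (roles, permissions, functions) are hypothetical.
from dataclasses import dataclass

# Deny by default: a role holds only the permissions listed here.
ROLE_PERMISSIONS = {
    "analyst": {"findings:read"},
    "admin": {"findings:read", "findings:create"},
}

FINDINGS = []  # in-memory stand-in for the findings store


@dataclass(frozen=True)
class Principal:
    user: str
    role: str


def create_finding_vulnerable(principal, finding):
    """Authentication only: any logged-in principal may write a finding."""
    if principal is None:
        raise PermissionError("authentication required")
    record = {**finding, "created_by": principal.user}
    FINDINGS.append(record)
    return record


def authorize(principal, permission):
    """Server-side check run on every call; unknown roles get nothing."""
    if principal is None:
        raise PermissionError("authentication required")
    if permission not in ROLE_PERMISSIONS.get(principal.role, set()):
        raise PermissionError(f"{principal.user} lacks {permission}")


def create_finding_hardened(principal, finding):
    """Same operation, gated on an explicit permission before any write."""
    authorize(principal, "findings:create")
    record = {**finding, "created_by": principal.user}
    FINDINGS.append(record)
    return record
```
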

Affected products 🖥️

The following products are affected by this vulnerability:

  • Cisco Secure Network Analytics Manager
  • Cisco Secure Network Analytics Virtual Manager

Products confirmed not vulnerable include:

  • Secure Cloud Analytics
  • Secure Network Analytics Data Store
  • Secure Network Analytics Flow Collector
  • Secure Network Analytics Flow Sensor
  • Secure Network Analytics UDP Director
  • Secure Network Analytics Virtual Data Store
  • Secure Network Analytics Virtual Flow Collector
  • Secure Network Analytics Virtual Flow Sensor
  • Secure Network Analytics Virtual UDP Director

Fixed software 🔧

Upgrade to at least the first fixed release in your train (or later):

Product / Release Train | First Fixed Release | Notes
ISE / ISE-PIC | 1.0 | Initial public release.

Workarounds 🧯

There are no workarounds available to address this vulnerability.

Risk in context 🎯

The vulnerability has a CVSS score of 6.5, categorized as medium severity. While it does not allow for complete system compromise, the potential for generating false findings and alerts could lead to significant operational disruptions and misinformed decision-making.

Fast facts ⚡

  • Vulnerability ID: CVE-2025-20257
  • CVSS Score: 6.5 (Medium)
  • Affected Products: Cisco Secure Network Analytics Manager, Cisco Secure Network Analytics Virtual Manager
  • Fixed Software: 7.5.2 SMC ROLLUP20250416-01

For leadership 🧭

Organizations running Cisco Secure Network Analytics Manager or Virtual Manager should apply the fixed release promptly, since no workaround exists; doing so removes the risk of low-privileged users creating fraudulent findings that distort analytics reporting. Regularly reviewing security advisories and keeping software up to date strengthens your organization’s security posture.