This page was not yet optimized for use on mobile devices.

Cisco cEdge Routers running IOS XE 17.12 with SD-WAN 20.12

Known vulnerabilities detected

Our automated heuristics have identified vulnerabilities that may be associated with this certificate. See the CVEs section for details.

CSV information

Status	active
Valid from	18.12.2024
Valid until	18.12.2029
Scheme	🇨🇦 CA
Manufacturer	Cisco Systems, Inc.
Category	Boundary Protection Devices and Systems
Security level	ALC_FLR.2, EAL2+
Maintenance updates	Cisco cEdge Routers running IOS XE 17.12.04 with SD-WAN 20.12.06.1 (01.04.2026) Certification report Security target

Heuristics summary

Certificate ID: 654-LSS

Certificate

certificate file processing did not finish successfully. Show more...

Download pdf: OK

Convert pdf to text: OK

Extract keywords: ERROR

Certificate PDF TXT

Extracted keywords

Vendor

Cisco Systems, Inc, Cisco

Security level

EAL 2+

Security Assurance Requirements (SAR)

ALC_FLR.2

Certificates

654-LSS

Evaluation facilities

Lightship Security

Certification report

Certification report PDF TXT

Extracted keywords

Symmetric Algorithms

AES

Protocols

IPsec

Vendor

Cisco, Cisco Systems, Inc

Security level

EAL 2+

Security Assurance Requirements (SAR)

ALC_FLR.2

Evaluation facilities

Lightship Security

Standards

ISO/IEC 17025

File metadata

Author	Clark, Cory P.
Creation date	D:20241219134245-05'00'
Modification date	D:20241219134245-05'00'
Pages	16
Creator	Microsoft® Word for Microsoft 365
Producer	Microsoft® Word for Microsoft 365

Security target

Security target PDF TXT

Extracted keywords

Symmetric Algorithms

AES, AES-, HMAC, HMAC-SHA-256

Hash functions

SHA256

Schemes

MAC, Key Exchange

Protocols

SSH, SSHv2, TLS v1.2, TLS v1.3, DTLS, DTLS v1.2, IKE, IKEv1, IKEv2, IPsec, VPN

Randomness

DRBG, RBG

Elliptic Curves

secp256r1

Block cipher modes

GCM

TLS cipher suites

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Vendor

Cisco Systems, Inc, Cisco

Security level

EAL2, EAL2 augmented

Claims

O.ACCESS_CONTROL, O.ADMIN, O.AUDIT_GEN, O.AUDIT_VIEW, O.DATA, O.IDAUTH, O.SELFPRO, O.TIME, O.VPN, O.TOE_ADMINISTRATION, O.MEDIATE, O.PROTECTED_COMMS, O.ACCESS_CONTRO, O.TOE_ADMINISTRA, O.PROTECTED_COM, O.ACCESS_CONTROLL, O.AUDIT, O.SELPRO, O.ACCESS, O.ACCES_CONTROL, T.ACCOUNTABILITY, T.NOAUTH, T.VPN, T.ASPOOF, T.MEDIAT, T.NETWORK_COMPROMISE, T.ACCOUNTABIL, T.NOAU, T.VP, T.ASPO, T.MEDI, T.NETWO, A.ADMIN, A.CONNECTIONS, A.LOCATE, A.PHYSEC, OE, OE.ADMIN, OE.CONNECTION, OE.LOCATE, OE.PHYSEC

Security Assurance Requirements (SAR)

ADV_ARC.1, ADV_FSP.2, ADV_TDS.1, AGD_OPE.1, AGD_PRE.1, ALC_FLR.2, ALC_CMC.2, ALC_CMS.2, ALC_DEL.1, ATE_IND.2, ATE_FUN.1, ATE_COV.1, AVA_VAN.2, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1

Security Functional Requirements (SFR)

FAU_GEN, FAU_GEN.1, FAU_GEN.2, FAU_STG.1, FAU_STG.4, FAU_GEN.1.1, FAU_GEN.1.2, FAU_GEN.2.1, FAU_STG.1.1, FAU_STG.1.2, FAU_STG.4.1, FCS_RBG_EXT.1, FCS_RBG_EXT.1.1, FCS_RBG_EXT.1.2, FCS_CKM.1, FCS_CKM.2, FCS_CKM.4, FCS_COP.1, FCS_CKM.1.1, FCS_CKM.2.1, FCS_CKM.4.1, FDP_ITT.1, FDP_IFC.1, FDP_IFF.1, FDP_ITT.1.1, FDP_IFC.1.1, FDP_IFF.1.1, FDP_IFF.1.2, FDP_IFF.1.3, FDP_IFF.1.4, FDP_IFF.1.5, FDP_ITC.1, FDP_ITC.2, FDP_ACC.1, FIA_PMG_EXT, FIA_PMG_EXT.1, FIA_PMG_EXT.1.1, FIA_AFL.1, FIA_UID.1, FIA_UAU.2, FIA_UAU.7, FIA_AFL.1.1, FIA_AFL.1.2, FIA_UID.1.1, FIA_UID.1.2, FIA_UAU.2.1, FIA_UAU.7.1, FIA_UAU.1, FMT_MOF.1, FMT_MSA.1, FMT_MSA.3, FMT_MTD.1, FMT_SMF.1, FMT_SMR.2, FMT_MOF.1.1, FMT_MSA.1.1, FMT_MTD.1.1, FMT_SMF.1.1, FMT_SMR.2.1, FMT_SMR.2.2, FMT_SMR.2.3, FMT_SMR.1, FPT_APW_EXT, FPT_APW_EXT.1, FPT_APW_EXT.1.1, FPT_APW_EXT.1.2, FPT_STM.1, FPT_ITT.1, FPT_TST.1, FPT_STM.1.1, FPT_ITT, FPT_TST.1.1, FPT_TST.1.2, FPT_TST.1.3, FTA_SSL.1, FTA_SSL.3, FTA_SSL.4, FTA_TAB.1, FTA_SSL.1.1, FTA_SSL.1.2, FTA_SSL.4.1, FTP_TRP.1, FTP_TRP.1.2, FTP_TRP.1.3

Side-channel analysis

SPA

Certification process

out of scope, UTD) security features such as IPS, Cisco URL Filtering, AMP, and TLS/SSL proxy. This is out of scope for the evaluation, Defense (UTD) security features such as IPS, Cisco URL Filtering, AMP, and TLS/SSL proxy. This is out of scope for the evaluation. These services will be disabled by configuration settings. Cisco cEdge Routers

Standards

FIPS 198, SP 800-90A, RFC 6347, RFC 792, RFC 791, RFC 793, ISO/IEC 18033-3, ISO/IEC 19772, ISO/IEC 18031:2011, CCMB-2017-04-001, CCMB-2017-04-002, CCMB-2017-04-003, CCMB-2017-04-004

File metadata

Title	Microsoft Word - Cisco_cEdge_IOS-XE_17.12_SDWAN_20.12_EAL2_ST_v1.2 (1).docx
Author	conan
Creation date	D:20241217081136-05'00'
Modification date	D:20241217081136-05'00'
Pages	80
Producer	Microsoft: Print To PDF

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

Certificate ID

654-LSS

Extracted SARs

ADV_ARC.1, ADV_FSP.2, ADV_TDS.1, AGD_OPE.1, AGD_PRE.1, ALC_CMC.2, ALC_CMS.2, ALC_DEL.1, ALC_FLR.2, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1, ATE_COV.1, ATE_FUN.1, ATE_IND.2, AVA_VAN.2

CPE matches

Related CVEs

ID	Links	Severity	CVSS Score	Published on
ID	Links	Severity	Base score	Published on
CVE-2019-12660	C N	MEDIUM	5.5	25.09.2019
CVE-2021-1383	C N	MEDIUM	6.7	24.03.2021
CVE-2021-1432	C N	HIGH	7.3	24.03.2021
CVE-2021-1619	C N	CRITICAL	9.1	23.09.2021
CVE-2023-20246	C N	MEDIUM	5.3	01.11.2023
CVE-2023-20273	C N	HIGH	7.2	25.10.2023
CVE-2023-44487	C N	HIGH	7.5	10.10.2023
CVE-2024-20271	C N	HIGH	8.6	27.03.2024
CVE-2024-20278	C N	MEDIUM	6.5	27.03.2024
CVE-2024-20306	C N	MEDIUM	6.7	27.03.2024
CVE-2024-20308	C N	HIGH	7.5	27.03.2024
CVE-2024-20309	C N	MEDIUM	5.5	27.03.2024
CVE-2024-20314	C N	HIGH	7.5	27.03.2024
CVE-2024-20316	C N	MEDIUM	5.3	27.03.2024
CVE-2024-20324	C N	MEDIUM	5.5	27.03.2024
CVE-2024-20414	C N	MEDIUM	6.5	25.09.2024
CVE-2024-20433	C N	HIGH	7.5	25.09.2024
CVE-2024-20434	C N	MEDIUM	4.3	25.09.2024
CVE-2024-20436	C N	HIGH	7.5	25.09.2024
CVE-2024-20437	C N	HIGH	8.8	25.09.2024
CVE-2024-20455	C N	HIGH	8.6	25.09.2024
CVE-2024-20467	C N	HIGH	8.6	25.09.2024
CVE-2024-20480	C N	HIGH	8.6	25.09.2024
CVE-2024-20510	C N	CRITICAL	9.3	25.09.2024
CVE-2025-20155	C N	MEDIUM	6.0	07.05.2025
CVE-2025-20162	C N	HIGH	8.6	07.05.2025
CVE-2025-20169	C N	HIGH	7.7	05.02.2025
CVE-2025-20170	C N	HIGH	7.7	05.02.2025
CVE-2025-20171	C N	HIGH	7.7	05.02.2025
CVE-2025-20172	C N	HIGH	7.7	05.02.2025
CVE-2025-20173	C N	HIGH	7.7	05.02.2025
CVE-2025-20175	C N	HIGH	7.7	05.02.2025
CVE-2025-20176	C N	HIGH	7.7	05.02.2025
CVE-2025-20186	C N	HIGH	8.8	07.05.2025
CVE-2025-20188	C N	CRITICAL	10.0	07.05.2025
CVE-2025-20193	C N	MEDIUM	6.5	07.05.2025
CVE-2025-20194	C N	MEDIUM	5.4	07.05.2025
CVE-2025-20195	C N	MEDIUM	4.3	07.05.2025
CVE-2025-20196	C N	MEDIUM	5.3	07.05.2025
CVE-2025-20197	C N	HIGH	8.2	07.05.2025
CVE-2025-20198	C N	HIGH	8.2	07.05.2025
CVE-2025-20199	C N	HIGH	8.2	07.05.2025
CVE-2025-20200	C N	HIGH	8.2	07.05.2025
CVE-2025-20201	C N	MEDIUM	6.7	07.05.2025
CVE-2025-20202	C N	HIGH	7.4	07.05.2025
CVE-2025-20214	C N	MEDIUM	4.3	07.05.2025
CVE-2025-20221	C N	CRITICAL	9.1	07.05.2025
CVE-2025-20338	C N	MEDIUM	6.7	24.09.2025
CVE-2025-20352	C N	HIGH	7.7	24.09.2025
CVE-2025-20363	C N	CRITICAL	9.0	25.09.2025

Showing 5 out of 50.

Similar certificates

Name	Certificate ID
Cisco Systems (1100, 1200, 1300, 1400 series Wireless Devices running IOS 12.3 (8JA2; 3200 series Wireless Router run...	CCEVS-VR-VID-6013-2008	Compare
Cisco Systems Routers (800, 1700, 1800, 2600XM, 2800, 3700, 3800, and 7200 running Cisco IOS Release 12.4(11)T2; 7300...	CCEVS-VR-VID-6014-2008	Compare
Cisco Aggregation Services Router 1000 Series (ASR1K), Cisco Cloud Services Router 1000V (CSR1000V), Cisco Integrated...	CCEVS-VR-11186-2021	Compare
Cisco 1000 Series Integrated Services Routers (C1100), Cisco Catalyst IR1800 Rugged Series Routers (IR1800), Cisco Ca...	CCEVS-VR-VID-11643-2025	Compare

Scheme data

Product	Cisco cEdge Routers running IOS XE 17.12 with SD-WAN 20.12 Cisco cEdge Routers running IOS XE 17.12.04 with SD-WAN 20.12.06.1 (April 2026)
Vendor	Cisco Systems, Inc.
Level	EAL 2+ (ALC_FLR.2)
Certification Date	18.12.2024

References

No references are available for this certificate.

Updates Feed

20.04.2026

The certificate data changed.
Certificate changed

The Maintenance Updates of the certificate were updated.

The new value is {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.cc.CCCertificate.MaintenanceReport', 'maintenance_date': '2026-04-01', 'maintenance_title': 'Cisco cEdge Routers running IOS XE 17.12.04 with SD-WAN 20.12.06.1', 'maintenance_report_link': 'https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/654-LSS%20MR%20v1.0.pdf', 'maintenance_st_link': 'https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/654-LSS%20ST%20v1.4.pdf'}]}.

The computed heuristics were updated.

The scheme_data property was updated, with the {'product': 'Cisco cEdge Routers running IOS XE 17.12 with SD-WAN 20.12 Cisco cEdge Routers running IOS XE 17.12.04 with SD-WAN 20.12.06.1 (April 2026)'} data.
02.03.2026

The certificate data changed.
Certificate changed

The state of the certificate object was updated.

The _type property was set to sec_certs.sample.cc_eucc_common.InternalState.

The cert property was updated, with the {'extract_ok': False} data.

The PDF extraction data was updated.

The _type property was set to sec_certs.sample.cc_eucc_common.PdfData.

The cert_metadata property was set to None.

The computed heuristics were updated.

The _type property was set to sec_certs.sample.cc_eucc_common.Heuristics.
16.02.2026

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The related_cves property was updated, with the {'_type': 'Set', 'elements': ['CVE-2025-20363']} values added.
15.12.2025

The certificate data changed.
Certificate changed

The state of the certificate object was updated.

The report property was updated, with the {'json_hash': None} values inserted.

The st property was updated, with the {'json_hash': None} values inserted.

The cert property was updated, with the {'json_hash': None} values inserted.

The computed heuristics were updated.

The cpe_matches property was set to {'_type': 'Set', 'elements': ['cpe:2.3:o:cisco:ios_xe:17.12.3:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.1x:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.5:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.1y:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.5a:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.5b:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe_sd-wan:17.12.1a:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.1w:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.5c:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.1z3:*:*:*:*:*:*:*', 'cpe:2.3:o:cisco:ios_xe:17.12.3a:*:*:*:*:*:*:*']}.

The related_cves property was set to {'_type': 'Set', 'elements': ['CVE-2023-44487', 'CVE-2025-20198', 'CVE-2024-20433', 'CVE-2025-20155', 'CVE-2025-20201', 'CVE-2024-20480', 'CVE-2024-20314', 'CVE-2025-20221', 'CVE-2024-20324', 'CVE-2025-20193', 'CVE-2025-20173', 'CVE-2025-20170', 'CVE-2024-20308', 'CVE-2024-20434', 'CVE-2024-20278', 'CVE-2025-20175', 'CVE-2024-20414', 'CVE-2024-20510', 'CVE-2024-20436', 'CVE-2024-20309', 'CVE-2025-20171', 'CVE-2025-20197', 'CVE-2025-20169', 'CVE-2025-20188', 'CVE-2025-20202', 'CVE-2025-20352', 'CVE-2021-1383', 'CVE-2024-20271', 'CVE-2024-20467', 'CVE-2023-20246', 'CVE-2021-1432', 'CVE-2025-20176', 'CVE-2025-20338', 'CVE-2025-20195', 'CVE-2024-20316', 'CVE-2019-12660', 'CVE-2025-20186', 'CVE-2025-20199', 'CVE-2023-20273', 'CVE-2025-20172', 'CVE-2024-20306', 'CVE-2025-20162', 'CVE-2025-20214', 'CVE-2021-1619', 'CVE-2025-20200', 'CVE-2025-20196', 'CVE-2025-20194', 'CVE-2024-20437', 'CVE-2024-20455']}.
03.04.2025

The certificate data changed.
Certificate changed

The PDF extraction data was updated.

The st_keywords property was updated, with the {'crypto_protocol': {'__update__': {'SSH': {'__insert__': {'SSHv2': 9}}}}} data.
05.02.2025

The certificate data changed.
Certificate changed

The state of the certificate object was updated.

The report property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.

The st property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.

The cert property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.

The computed heuristics were updated.

The following values were inserted: {'protection_profiles': None, 'eal': 'EAL2+'}.

The prev_certificates property was set to None.

The next_certificates property was set to None.
23.12.2024

The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.cc.CCCertificate",
  "category": "Boundary Protection Devices and Systems",
  "cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/654-LSS%20CT%20v1.0.pdf",
  "dgst": "beb60ed58a76b232",
  "heuristics": {
    "_type": "sec_certs.sample.cc_eucc_common.Heuristics",
    "annotated_references": null,
    "cert_id": "654-LSS",
    "cert_lab": null,
    "cpe_matches": {
      "_type": "Set",
      "elements": [
        "cpe:2.3:o:cisco:ios_xe:17.12.5a:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe_sd-wan:17.12.1a:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.1w:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.5c:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.3a:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.5:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.1y:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.1x:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.5b:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.3:*:*:*:*:*:*:*",
        "cpe:2.3:o:cisco:ios_xe:17.12.1z3:*:*:*:*:*:*:*"
      ]
    },
    "direct_transitive_cves": null,
    "eal": "EAL2+",
    "extracted_sars": {
      "_type": "Set",
      "elements": [
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_DEL",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_FUN",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AVA_VAN",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_IND",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_TDS",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_INT",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_COV",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_FLR",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_REQ",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_FSP",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_ECD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_OBJ",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_CCL",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_ARC",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AGD_OPE",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AGD_PRE",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_TSS",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMC",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMS",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_SPD",
          "level": 1
        }
      ]
    },
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "17.12",
        "20.12"
      ]
    },
    "indirect_transitive_cves": null,
    "next_certificates": null,
    "prev_certificates": null,
    "protection_profiles": null,
    "related_cves": {
      "_type": "Set",
      "elements": [
        "CVE-2023-44487",
        "CVE-2025-20176",
        "CVE-2023-20246",
        "CVE-2024-20278",
        "CVE-2025-20200",
        "CVE-2024-20480",
        "CVE-2024-20437",
        "CVE-2024-20510",
        "CVE-2025-20198",
        "CVE-2024-20434",
        "CVE-2025-20197",
        "CVE-2024-20271",
        "CVE-2025-20214",
        "CVE-2025-20172",
        "CVE-2023-20273",
        "CVE-2025-20188",
        "CVE-2025-20194",
        "CVE-2024-20309",
        "CVE-2024-20433",
        "CVE-2021-1432",
        "CVE-2025-20173",
        "CVE-2025-20170",
        "CVE-2025-20175",
        "CVE-2025-20221",
        "CVE-2025-20338",
        "CVE-2025-20195",
        "CVE-2021-1383",
        "CVE-2024-20467",
        "CVE-2025-20169",
        "CVE-2025-20155",
        "CVE-2024-20324",
        "CVE-2019-12660",
        "CVE-2025-20199",
        "CVE-2025-20196",
        "CVE-2024-20414",
        "CVE-2025-20201",
        "CVE-2021-1619",
        "CVE-2024-20455",
        "CVE-2024-20308",
        "CVE-2025-20171",
        "CVE-2024-20306",
        "CVE-2024-20314",
        "CVE-2025-20162",
        "CVE-2025-20202",
        "CVE-2025-20363",
        "CVE-2025-20186",
        "CVE-2025-20193",
        "CVE-2024-20316",
        "CVE-2024-20436",
        "CVE-2025-20352"
      ]
    },
    "report_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "scheme_data": {
      "certification_date": "2024-12-18",
      "level": "EAL 2+ (ALC_FLR.2)",
      "product": "Cisco cEdge Routers running IOS XE 17.12 with SD-WAN 20.12 Cisco cEdge Routers running IOS XE 17.12.04 with SD-WAN 20.12.06.1 (April 2026)",
      "vendor": "Cisco Systems, Inc."
    },
    "st_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "verified_cpe_matches": null
  },
  "maintenance_updates": {
    "_type": "Set",
    "elements": [
      {
        "_type": "sec_certs.sample.cc.CCCertificate.MaintenanceReport",
        "maintenance_date": "2026-04-01",
        "maintenance_report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/654-LSS%20MR%20v1.0.pdf",
        "maintenance_st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/654-LSS%20ST%20v1.4.pdf",
        "maintenance_title": "Cisco cEdge Routers running IOS XE 17.12.04 with SD-WAN 20.12.06.1"
      }
    ]
  },
  "manufacturer": "Cisco Systems, Inc.",
  "manufacturer_web": "https://www.cisco.com",
  "name": "Cisco cEdge Routers running IOS XE 17.12 with SD-WAN 20.12",
  "not_valid_after": "2029-12-18",
  "not_valid_before": "2024-12-18",
  "pdf_data": {
    "_type": "sec_certs.sample.cc_eucc_common.PdfData",
    "cert_filename": "654-LSS CT v1.0.pdf",
    "cert_frontpage": null,
    "cert_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {
        "CA": {
          "654-LSS": 1
        }
      },
      "cc_claims": {},
      "cc_protection_profile_id": {},
      "cc_sar": {
        "ALC": {
          "ALC_FLR.2": 1
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 2+": 1
        }
      },
      "cc_sfr": {},
      "certification_process": {},
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "Lightship": {
          "Lightship Security": 1
        }
      },
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {},
      "symmetric_crypto": {},
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 1,
          "Cisco Systems, Inc": 1
        }
      },
      "vulnerability": {}
    },
    "cert_metadata": null,
    "report_filename": "654-LSS CR v1.0.pdf",
    "report_frontpage": {
      "CA": {}
    },
    "report_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {},
      "cc_claims": {},
      "cc_protection_profile_id": {},
      "cc_sar": {
        "ALC": {
          "ALC_FLR.2": 1
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 2+": 1
        }
      },
      "cc_sfr": {},
      "certification_process": {},
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IPsec": {
          "IPsec": 2
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "Lightship": {
          "Lightship Security": 1
        }
      },
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {
        "ISO": {
          "ISO/IEC 17025": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 4
          }
        }
      },
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 11,
          "Cisco Systems, Inc": 2
        }
      },
      "vulnerability": {}
    },
    "report_metadata": {
      "/Author": "Clark, Cory P.",
      "/CreationDate": "D:20241219134245-05\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_ActionId": "f4235719-a1a3-4fb4-8b18-a47ac84bac11",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_ContentBits": "1",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Enabled": "true",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Method": "Privileged",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_Name": "UNCLASSIFIED",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_SetDate": "2022-07-20T10:41:47Z",
      "/MSIP_Label_4dd2c6e0-f1e3-4cf2-bd0b-256ab4cff3af_SiteId": "da9cbe40-ec1e-4997-afb3-17d87574571a",
      "/ModDate": "D:20241219134245-05\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 669293,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://sec.cloudapps.cisco.com/security/center/publicationListing.x",
          "https://web.nvd.nist.gov/view/vuln/search",
          "https://cyber.gc.ca/en/alerts-advisories",
          "mailto:[email protected]",
          "https://www.google.ca/",
          "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 16
    },
    "st_filename": "654-LSS ST v1.2.pdf",
    "st_frontpage": null,
    "st_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {},
      "cc_claims": {
        "A": {
          "A.ADMIN": 3,
          "A.CONNECTIONS": 3,
          "A.LOCATE": 3,
          "A.PHYSEC": 3
        },
        "O": {
          "O.ACCESS": 1,
          "O.ACCESS_CONTRO": 1,
          "O.ACCESS_CONTROL": 15,
          "O.ACCESS_CONTROLL": 3,
          "O.ACCES_CONTROL": 1,
          "O.ADMIN": 9,
          "O.AUDIT": 1,
          "O.AUDIT_GEN": 10,
          "O.AUDIT_VIEW": 4,
          "O.DATA": 11,
          "O.IDAUTH": 12,
          "O.MEDIATE": 7,
          "O.PROTECTED_COM": 1,
          "O.PROTECTED_COMMS": 3,
          "O.SELFPRO": 12,
          "O.SELPRO": 1,
          "O.TIME": 7,
          "O.TOE_ADMINISTRA": 1,
          "O.TOE_ADMINISTRATION": 2,
          "O.VPN": 11
        },
        "OE": {
          "OE": 1,
          "OE.ADMIN": 3,
          "OE.CONNECTION": 2,
          "OE.LOCATE": 3,
          "OE.PHYSEC": 2
        },
        "T": {
          "T.ACCOUNTABIL": 1,
          "T.ACCOUNTABILITY": 2,
          "T.ASPO": 1,
          "T.ASPOOF": 2,
          "T.MEDI": 1,
          "T.MEDIAT": 2,
          "T.NETWO": 1,
          "T.NETWORK_COMPROMISE": 2,
          "T.NOAU": 1,
          "T.NOAUTH": 2,
          "T.VP": 1,
          "T.VPN": 2
        }
      },
      "cc_protection_profile_id": {},
      "cc_sar": {
        "ADV": {
          "ADV_ARC.1": 2,
          "ADV_FSP.2": 2,
          "ADV_TDS.1": 2
        },
        "AGD": {
          "AGD_OPE.1": 2,
          "AGD_PRE.1": 2
        },
        "ALC": {
          "ALC_CMC.2": 2,
          "ALC_CMS.2": 2,
          "ALC_DEL.1": 2,
          "ALC_FLR.2": 4
        },
        "ASE": {
          "ASE_CCL.1": 1,
          "ASE_ECD.1": 1,
          "ASE_INT.1": 1,
          "ASE_OBJ.2": 1,
          "ASE_REQ.2": 1,
          "ASE_SPD.1": 1,
          "ASE_TSS.1": 1
        },
        "ATE": {
          "ATE_COV.1": 2,
          "ATE_FUN.1": 2,
          "ATE_IND.2": 2
        },
        "AVA": {
          "AVA_VAN.2": 2
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL2": 2,
          "EAL2 augmented": 2
        }
      },
      "cc_sfr": {
        "FAU": {
          "FAU_GEN": 4,
          "FAU_GEN.1": 11,
          "FAU_GEN.1.1": 1,
          "FAU_GEN.1.2": 1,
          "FAU_GEN.2": 7,
          "FAU_GEN.2.1": 1,
          "FAU_STG.1": 9,
          "FAU_STG.1.1": 1,
          "FAU_STG.1.2": 1,
          "FAU_STG.4": 5,
          "FAU_STG.4.1": 1
        },
        "FCS": {
          "FCS_CKM.1": 18,
          "FCS_CKM.1.1": 1,
          "FCS_CKM.2": 7,
          "FCS_CKM.2.1": 1,
          "FCS_CKM.4": 13,
          "FCS_CKM.4.1": 1,
          "FCS_COP.1": 15,
          "FCS_RBG_EXT.1": 17,
          "FCS_RBG_EXT.1.1": 2,
          "FCS_RBG_EXT.1.2": 2
        },
        "FDP": {
          "FDP_ACC.1": 1,
          "FDP_IFC.1": 12,
          "FDP_IFC.1.1": 1,
          "FDP_IFF.1": 8,
          "FDP_IFF.1.1": 1,
          "FDP_IFF.1.2": 1,
          "FDP_IFF.1.3": 1,
          "FDP_IFF.1.4": 1,
          "FDP_IFF.1.5": 1,
          "FDP_ITC.1": 4,
          "FDP_ITC.2": 4,
          "FDP_ITT.1": 12,
          "FDP_ITT.1.1": 1
        },
        "FIA": {
          "FIA_AFL.1": 9,
          "FIA_AFL.1.1": 1,
          "FIA_AFL.1.2": 1,
          "FIA_PMG_EXT": 3,
          "FIA_PMG_EXT.1": 11,
          "FIA_PMG_EXT.1.1": 2,
          "FIA_UAU.1": 2,
          "FIA_UAU.2": 9,
          "FIA_UAU.2.1": 1,
          "FIA_UAU.7": 6,
          "FIA_UAU.7.1": 1,
          "FIA_UID.1": 12,
          "FIA_UID.1.1": 1,
          "FIA_UID.1.2": 1
        },
        "FMT": {
          "FMT_MOF.1": 13,
          "FMT_MOF.1.1": 2,
          "FMT_MSA.1": 8,
          "FMT_MSA.1.1": 1,
          "FMT_MSA.3": 9,
          "FMT_MTD.1": 5,
          "FMT_MTD.1.1": 1,
          "FMT_SMF.1": 13,
          "FMT_SMF.1.1": 1,
          "FMT_SMR.1": 2,
          "FMT_SMR.2": 12,
          "FMT_SMR.2.1": 1,
          "FMT_SMR.2.2": 1,
          "FMT_SMR.2.3": 1
        },
        "FPT": {
          "FPT_APW_EXT": 3,
          "FPT_APW_EXT.1": 12,
          "FPT_APW_EXT.1.1": 2,
          "FPT_APW_EXT.1.2": 2,
          "FPT_ITT": 1,
          "FPT_ITT.1": 7,
          "FPT_STM.1": 9,
          "FPT_STM.1.1": 1,
          "FPT_TST.1": 7,
          "FPT_TST.1.1": 1,
          "FPT_TST.1.2": 1,
          "FPT_TST.1.3": 1
        },
        "FTA": {
          "FTA_SSL.1": 10,
          "FTA_SSL.1.1": 2,
          "FTA_SSL.1.2": 2,
          "FTA_SSL.3": 9,
          "FTA_SSL.4": 7,
          "FTA_SSL.4.1": 1,
          "FTA_TAB.1": 9
        },
        "FTP": {
          "FTP_TRP.1": 8,
          "FTP_TRP.1.2": 1,
          "FTP_TRP.1.3": 1
        }
      },
      "certification_process": {
        "OutOfScope": {
          "Defense (UTD) security features such as IPS, Cisco URL Filtering, AMP, and TLS/SSL proxy. This is out of scope for the evaluation. These services will be disabled by configuration settings. Cisco cEdge Routers": 1,
          "UTD) security features such as IPS, Cisco URL Filtering, AMP, and TLS/SSL proxy. This is out of scope for the evaluation": 1,
          "out of scope": 1
        }
      },
      "cipher_mode": {
        "GCM": {
          "GCM": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 1,
          "IKEv1": 1,
          "IKEv2": 1
        },
        "IPsec": {
          "IPsec": 13
        },
        "SSH": {
          "SSH": 12,
          "SSHv2": 9
        },
        "TLS": {
          "DTLS": {
            "DTLS": 11,
            "DTLS v1.2": 1
          },
          "TLS": {
            "TLS v1.2": 2,
            "TLS v1.3": 2
          }
        },
        "VPN": {
          "VPN": 20
        }
      },
      "crypto_scheme": {
        "KEX": {
          "Key Exchange": 3
        },
        "MAC": {
          "MAC": 4
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "secp256r1": 7
        }
      },
      "eval_facility": {},
      "hash_function": {
        "SHA": {
          "SHA2": {
            "SHA256": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 6
        },
        "RNG": {
          "RBG": 3
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "SPA": 5
        }
      },
      "standard_id": {
        "CC": {
          "CCMB-2017-04-001": 1,
          "CCMB-2017-04-002": 1,
          "CCMB-2017-04-003": 1,
          "CCMB-2017-04-004": 1
        },
        "FIPS": {
          "FIPS 198": 1
        },
        "ISO": {
          "ISO/IEC 18031:2011": 6,
          "ISO/IEC 18033-3": 1,
          "ISO/IEC 19772": 2
        },
        "NIST": {
          "SP 800-90A": 2
        },
        "RFC": {
          "RFC 6347": 2,
          "RFC 791": 1,
          "RFC 792": 1,
          "RFC 793": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 14,
            "AES-": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 5,
            "HMAC-SHA-256": 1
          }
        }
      },
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {
        "TLS": {
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 2,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 3
        }
      },
      "vendor": {
        "Cisco": {
          "Cisco": 54,
          "Cisco Systems, Inc": 6
        }
      },
      "vulnerability": {}
    },
    "st_metadata": {
      "/Author": "conan",
      "/CreationDate": "D:20241217081136-05\u002700\u0027",
      "/ModDate": "D:20241217081136-05\u002700\u0027",
      "/Producer": "Microsoft: Print To PDF",
      "/Title": "Microsoft Word - Cisco_cEdge_IOS-XE_17.12_SDWAN_20.12_EAL2_ST_v1.2 (1).docx",
      "pdf_file_size_bytes": 1976947,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 80
    }
  },
  "protection_profile_links": {
    "_type": "Set",
    "elements": []
  },
  "report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/654-LSS%20CR%20v1.0.pdf",
  "scheme": "CA",
  "security_level": {
    "_type": "Set",
    "elements": [
      "ALC_FLR.2",
      "EAL2+"
    ]
  },
  "st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/654-LSS%20ST%20v1.2.pdf",
  "state": {
    "_type": "sec_certs.sample.cc_eucc_common.InternalState",
    "cert": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": false,
      "json_hash": null,
      "pdf_hash": "4d677e541a12c47055a41400c148d2897407741629527d66677650500a8a58a3",
      "txt_hash": "284229a94a39532e049da0e47c938f6531f537aab8cb33f30fc1c00649937d16"
    },
    "report": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "pdf_hash": "637807e2381d2cd8db33eef45de8463f1bd4248b2c1f47b213f9b91ab798424b",
      "txt_hash": "dc9fc892900d021da645f9c943280e69efcfd83c4392a89892fc142896b9c504"
    },
    "st": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "pdf_hash": "5cc35d5630376cec634cca297aa1bf5cc7a0dfda7b43cf4f8ea3d03b1d1752b8",
      "txt_hash": "ccee80be29e8a65dd4ecbd774c25373b86afbc4517204de03caa6becd3635681"
    }
  },
  "status": "active"
}

Sections

Cisco cEdge Routers running IOS XE 17.12 with SD-WAN 20.12

Known vulnerabilities detected

CSV information

Heuristics summary

Certificate

Extracted keywords

Device

Vendor

Common Criteria

Security level

Security Assurance Requirements (SAR)

Certificates

Evaluation facilities

Certification report

Extracted keywords

Cryptography

Symmetric Algorithms

Protocols

Device

Vendor

Common Criteria

Security level

Security Assurance Requirements (SAR)

Evaluation facilities

Other

Standards

File metadata

Security target

Extracted keywords

Cryptography

Symmetric Algorithms

Hash functions

Schemes

Protocols

Randomness

Elliptic Curves

Block cipher modes

TLS cipher suites

Device

Vendor

Common Criteria

Security level

Claims

Security Assurance Requirements (SAR)

Security Functional Requirements (SFR)

Security

Side-channel analysis

Certification process

Other

Standards

File metadata

Heuristics

Automated inference - use with caution

Certificate ID

Extracted SARs

CPE matches

Related CVEs

Similar certificates

Scheme data

References

Updates Feed

Raw data

Toggle raw data