
BDU:2025-05027

Published: 26 Feb 2025
Source: fstec
CVSS3: 5.1
CVSS2: 5.2
EPSS: Low

Description

A vulnerability in the firmware of Cisco Nexus 3000 Series and Cisco Nexus 9000 Series virtual switches is caused by a failure to neutralize special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary code as an administrator with root privileges.

Vendor

Cisco Systems Inc.

Software name

Cisco Nexus 3000 Series
Cisco Nexus 9000 Series

Software version

- (Cisco Nexus 3000 Series)
- (Cisco Nexus 9000 Series)

Software type

Network software

Operating systems and hardware platforms

Cisco Systems Inc. NX-OS 9.2(1)
Cisco Systems Inc. NX-OS 7.0(3)F3(1)
Cisco Systems Inc. NX-OS 7.0(3)F3(2)
Cisco Systems Inc. NX-OS 7.0(3)F3(3)
Cisco Systems Inc. NX-OS 7.0(3)F3(3a)
Cisco Systems Inc. NX-OS 7.0(3)F3(4)
Cisco Systems Inc. NX-OS 7.0(3)F3(3c)
Cisco Systems Inc. NX-OS 7.0(3)F3(5)
Cisco Systems Inc. NX-OS 7.0(3)I4(1)
Cisco Systems Inc. NX-OS 7.0(3)I4(2)
Cisco Systems Inc. NX-OS 7.0(3)I4(3)
Cisco Systems Inc. NX-OS 7.0(3)I4(4)
Cisco Systems Inc. NX-OS 7.0(3)I4(5)
Cisco Systems Inc. NX-OS 7.0(3)I4(6)
Cisco Systems Inc. NX-OS 7.0(3)I4(7)
Cisco Systems Inc. NX-OS 7.0(3)I4(8)
Cisco Systems Inc. NX-OS 7.0(3)I4(8a)
Cisco Systems Inc. NX-OS 7.0(3)I4(8b)
Cisco Systems Inc. NX-OS 7.0(3)I4(8z)
Cisco Systems Inc. NX-OS 7.0(3)I7(5a)
Cisco Systems Inc. NX-OS 7.0(3)I5(1)
Cisco Systems Inc. NX-OS 7.0(3)I5(2)
Cisco Systems Inc. NX-OS 7.0(3)I6(1)
Cisco Systems Inc. NX-OS 7.0(3)I6(2)
Cisco Systems Inc. NX-OS 7.0(3)I7(1)
Cisco Systems Inc. NX-OS 7.0(3)I7(2)
Cisco Systems Inc. NX-OS 7.0(3)I7(3)
Cisco Systems Inc. NX-OS 7.0(3)I7(4)
Cisco Systems Inc. NX-OS 7.0(3)I7(5)
Cisco Systems Inc. NX-OS 9.3(10)
Cisco Systems Inc. NX-OS 9.3(11)
Cisco Systems Inc. NX-OS 9.3(12)
Cisco Systems Inc. NX-OS 6.0(2)a8(1)
Cisco Systems Inc. NX-OS 6.0(2)a8(2)
Cisco Systems Inc. NX-OS 6.0(2)a8(3)
Cisco Systems Inc. NX-OS 6.0(2)a8(4)
Cisco Systems Inc. NX-OS 6.0(2)a8(4a)
Cisco Systems Inc. NX-OS 6.0(2)a8(5)
Cisco Systems Inc. NX-OS 6.0(2)a8(6)
Cisco Systems Inc. NX-OS 6.0(2)a8(7)
Cisco Systems Inc. NX-OS 6.0(2)a8(7a)
Cisco Systems Inc. NX-OS 6.0(2)a8(7b)
Cisco Systems Inc. NX-OS 6.0(2)a8(8)
Cisco Systems Inc. NX-OS 6.0(2)a8(9)
Cisco Systems Inc. NX-OS 6.0(2)a8(10)
Cisco Systems Inc. NX-OS 6.0(2)a8(10a)
Cisco Systems Inc. NX-OS 6.0(2)a8(11)
Cisco Systems Inc. NX-OS 6.0(2)a8(11a)
Cisco Systems Inc. NX-OS 6.0(2)a8(11b)
Cisco Systems Inc. NX-OS 7.0(3)i4(9)
Cisco Systems Inc. NX-OS 7.0(3)i7(6)
Cisco Systems Inc. NX-OS 7.0(3)i7(7)
Cisco Systems Inc. NX-OS 7.0(3)i7(8)
Cisco Systems Inc. NX-OS 7.0(3)i7(9)
Cisco Systems Inc. NX-OS 7.0(3)i7(10)
Cisco Systems Inc. NX-OS 9.2(2)
Cisco Systems Inc. NX-OS 9.2(2t)
Cisco Systems Inc. NX-OS 9.2(2v)
Cisco Systems Inc. NX-OS 9.2(3)
Cisco Systems Inc. NX-OS 9.2(4)
Cisco Systems Inc. NX-OS 9.3(1)
Cisco Systems Inc. NX-OS 9.3(2)
Cisco Systems Inc. NX-OS 9.3(3)
Cisco Systems Inc. NX-OS 9.3(4)
Cisco Systems Inc. NX-OS 9.3(5)
Cisco Systems Inc. NX-OS 9.3(6)
Cisco Systems Inc. NX-OS 9.3(7)
Cisco Systems Inc. NX-OS 9.3(7a)
Cisco Systems Inc. NX-OS 9.3(8)
Cisco Systems Inc. NX-OS 9.3(9)
Cisco Systems Inc. NX-OS 10.1(1)
Cisco Systems Inc. NX-OS 10.1(2)
Cisco Systems Inc. NX-OS 10.1(2t)
Cisco Systems Inc. NX-OS 10.2(1)
Cisco Systems Inc. NX-OS 10.2(1q)
Cisco Systems Inc. NX-OS 10.2(2)
Cisco Systems Inc. NX-OS 10.2(3)
Cisco Systems Inc. NX-OS 10.2(3t)
Cisco Systems Inc. NX-OS 10.2(3v)
Cisco Systems Inc. NX-OS 10.2(4)
Cisco Systems Inc. NX-OS 10.2(5)
Cisco Systems Inc. NX-OS 10.2(6)
Cisco Systems Inc. NX-OS 10.3(1)
Cisco Systems Inc. NX-OS 10.3(2)
Cisco Systems Inc. NX-OS 10.3(3)
Cisco Systems Inc. NX-OS 10.3(99w)
Cisco Systems Inc. NX-OS 10.3(99x)
Cisco Systems Inc. NX-OS 10.4(1)
Cisco Systems Inc. NX-OS 7.0(3)I4(1t)
Cisco Systems Inc. NX-OS 7.0(3)I4(6t)
Cisco Systems Inc. NX-OS 7.0(3)I5(3)
Cisco Systems Inc. NX-OS 7.0(3)I5(3a)
Cisco Systems Inc. NX-OS 7.0(3)I5(3b)
Cisco Systems Inc. NX-OS 7.0(3)I7(3z)
Cisco Systems Inc. NX-OS 7.0(3)I7(6z)
Cisco Systems Inc. NX-OS 7.0(3)I7(9w)
Cisco Systems Inc. NX-OS 9.2(3y)
Cisco Systems Inc. NX-OS 7.0(3)IA7(1)
Cisco Systems Inc. NX-OS 7.0(3)IA7(2)
Cisco Systems Inc. NX-OS 7.0(3)IC4(4)
Cisco Systems Inc. NX-OS 7.0(3)IM7(2)
Cisco Systems Inc. NX-OS 9.3(1z)
Cisco Systems Inc. NX-OS 9.3(5w)
Cisco Systems Inc. NX-OS 9.3(7k)
Cisco Systems Inc. NX-OS 9.3(13)
Cisco Systems Inc. NX-OS 10.2(2a)
Cisco Systems Inc. NX-OS 10.2(7)
Cisco Systems Inc. NX-OS 10.3(3w)
Cisco Systems Inc. NX-OS 10.3(3o)
Cisco Systems Inc. NX-OS 10.3(4a)
Cisco Systems Inc. NX-OS 10.3(3p)
Cisco Systems Inc. NX-OS 10.3(4)
Cisco Systems Inc. NX-OS 10.3(3q)
Cisco Systems Inc. NX-OS 10.3(3x)
Cisco Systems Inc. NX-OS 10.3(5)
Cisco Systems Inc. NX-OS 10.4(2)
Cisco Systems Inc. NX-OS 10.3(4g)
Cisco Systems Inc. NX-OS 10.3(3r)
Cisco Systems Inc. NX-OS 10.4(3)
Cisco Systems Inc. NX-OS 9.3(14)
Cisco Systems Inc. NX-OS 10.2(8)
Cisco Systems Inc. NX-OS 10.3(6)
Cisco Systems Inc. NX-OS 10.3(4h)
Cisco Systems Inc. NX-OS 10.5(1)

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 5.2)
Medium severity (CVSS 3.0 base score is 5.1)

Possible remediation measures

Follow the vendor's recommendations:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ici-dpOjbWxk

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 9%
0.00034
Low

5.1 Medium

CVSS3

5.2 Medium

CVSS2

Related vulnerabilities

CVSS3: 5.1
nvd
12 months ago

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.  Note: Administrators should validate the hash of any software image before installation.

CVSS3: 5.1
github
12 months ago

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.  Note: Administrators should validate the hash of any software image before installation.