Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-12709

Опубликовано: 27 авг. 2025
Источник: fstec
CVSS3: 5
CVSS2: 4
EPSS Низкий

Описание

Уязвимость микропрограммного обеспечения виртуальных коммутаторов Cisco Nexus 3000 Series, Cisco Nexus 9000 Series связана с разыменованием указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Вендор

Cisco Systems Inc.

Наименование ПО

Cisco Nexus 3000 Series
Cisco Nexus 9000 Series

Версия ПО

- (Cisco Nexus 3000 Series)
- (Cisco Nexus 9000 Series)

Тип ПО

Сетевое программное средство

Операционные системы и аппаратные платформы

Cisco Systems Inc. NX-OS 9.2(1)
Cisco Systems Inc. NX-OS 9.3(10)
Cisco Systems Inc. NX-OS 9.3(11)
Cisco Systems Inc. NX-OS 9.3(12)
Cisco Systems Inc. NX-OS 9.2(2)
Cisco Systems Inc. NX-OS 9.2(2t)
Cisco Systems Inc. NX-OS 9.2(2v)
Cisco Systems Inc. NX-OS 9.2(3)
Cisco Systems Inc. NX-OS 9.2(4)
Cisco Systems Inc. NX-OS 9.3(1)
Cisco Systems Inc. NX-OS 9.3(2)
Cisco Systems Inc. NX-OS 9.3(3)
Cisco Systems Inc. NX-OS 9.3(4)
Cisco Systems Inc. NX-OS 9.3(5)
Cisco Systems Inc. NX-OS 9.3(6)
Cisco Systems Inc. NX-OS 9.3(7)
Cisco Systems Inc. NX-OS 9.3(7a)
Cisco Systems Inc. NX-OS 9.3(8)
Cisco Systems Inc. NX-OS 9.3(9)
Cisco Systems Inc. NX-OS 10.1(1)
Cisco Systems Inc. NX-OS 10.1(2)
Cisco Systems Inc. NX-OS 10.1(2t)
Cisco Systems Inc. NX-OS 10.2(1)
Cisco Systems Inc. NX-OS 10.2(1q)
Cisco Systems Inc. NX-OS 10.2(2)
Cisco Systems Inc. NX-OS 10.2(3)
Cisco Systems Inc. NX-OS 10.2(3t)
Cisco Systems Inc. NX-OS 10.2(3v)
Cisco Systems Inc. NX-OS 10.2(4)
Cisco Systems Inc. NX-OS 10.2(5)
Cisco Systems Inc. NX-OS 10.2(6)
Cisco Systems Inc. NX-OS 10.3(1)
Cisco Systems Inc. NX-OS 10.3(2)
Cisco Systems Inc. NX-OS 10.3(3)
Cisco Systems Inc. NX-OS 10.3(99w)
Cisco Systems Inc. NX-OS 10.3(99x)
Cisco Systems Inc. NX-OS 10.4(1)
Cisco Systems Inc. NX-OS 9.2(3y)
Cisco Systems Inc. NX-OS 9.3(1z)
Cisco Systems Inc. NX-OS 9.3(5w)
Cisco Systems Inc. NX-OS 9.3(7k)
Cisco Systems Inc. NX-OS 9.3(13)
Cisco Systems Inc. NX-OS 10.2(2a)
Cisco Systems Inc. NX-OS 10.2(7)
Cisco Systems Inc. NX-OS 10.3(3w)
Cisco Systems Inc. NX-OS 10.3(3o)
Cisco Systems Inc. NX-OS 10.3(4a)
Cisco Systems Inc. NX-OS 10.3(3p)
Cisco Systems Inc. NX-OS 10.3(4)
Cisco Systems Inc. NX-OS 10.3(3q)
Cisco Systems Inc. NX-OS 10.3(3x)
Cisco Systems Inc. NX-OS 10.3(5)
Cisco Systems Inc. NX-OS 10.4(2)
Cisco Systems Inc. NX-OS 10.3(4g)
Cisco Systems Inc. NX-OS 10.3(3r)
Cisco Systems Inc. NX-OS 10.4(3)
Cisco Systems Inc. NX-OS 9.3(14)
Cisco Systems Inc. NX-OS 10.2(8)
Cisco Systems Inc. NX-OS 10.3(6)
Cisco Systems Inc. NX-OS 10.3(4h)
Cisco Systems Inc. NX-OS 10.4(4)
Cisco Systems Inc. NX-OS 10.5(1)
Cisco Systems Inc. NX-OS 10.4(4g)
Cisco Systems Inc. NX-OS 10.5(2)

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4)
Средний уровень опасности (базовая оценка CVSS 3.1 составляет 5)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxospc-pim6-vG4jFPh

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 36%
0.00152
Низкий

5 Medium

CVSS3

4 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2025-20262

CVSS3: 5
nvd
5 месяцев назад

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes.

github логотип

GHSA-3q92-5vpf-96pw

CVSS3: 5
github
5 месяцев назад

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes.

EPSS

Процентиль: 36%
0.00152
Низкий

5 Medium

CVSS3

4 Medium

CVSS2