Pierluigi Paganini February 28, 2025

Cisco addressed command injection and denial-of-service (DoS) vulnerabilities in some models of its Nexus switches.

Cisco released security updates to address command injection and DoS vulnerabilities in Nexus switches, including a high-severity flaw.

The most severe issue, tracked as CVE-2025-20111 (CVSS Score of 7.4), resides in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode. An unauthenticated, adjacent attacker could exploit the issue to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

“A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.” reads the advisory published by Cisco. “This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.”

This vulnerability impacts the following products if they are running a vulnerable release of Cisco NX-OS Software:

• Nexus 3100 Series Switches
• Nexus 3200 Series Switches
• Nexus 3400 Series Switches
• Nexus 3600 Series Switches
• Nexus 9200 Series Switches in standalone NX-OS mode
• Nexus 9300 Series Switches in standalone NX-OS mode
• Nexus 9400 Series Switches in standalone NX-OS mode

The second flaw, tracked as CVE-2025-20161 (CVSS Score of 5.1), addressed by the company is a command injection issue that impacts Cisco Nexus 3000 and 9000 Series Switches.

“A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device.” reads the advisory.

The Cisco Product Security Incident Response Team (PSIRT) is not aware of attacks exploiting the above vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Nexus switches)