Pierluigi Paganini
February 28, 2025
Cisco released security updates to address command injection and DoS vulnerabilities in Nexus switches, including a high-severity flaw.
The most severe issue, tracked as CVE-2025-20111 (CVSS Score of 7.4), resides in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode. An unauthenticated, adjacent attacker could exploit the issue to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
“A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.” reads the advisory published by Cisco. “This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.”
This vulnerability impacts the following products if they are running a vulnerable release of Cisco NX-OS Software:
The second flaw, tracked as CVE-2025-20161 (CVSS Score of 5.1), addressed by the company is a command injection issue that impacts Cisco Nexus 3000 and 9000 Series Switches.
“A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device.” reads the advisory.
The Cisco Product Security Incident Response Team (PSIRT) is not aware of attacks exploiting the above vulnerabilities.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Nexus switches)
