HIGH✓ PATCH🇬🇧 English

CVE-2025-20163

CVSS 8.7v3.1pub. 2025-06-04upd. 2025-07-22

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Cisco Nexus Dashboard

    APP
    Cisco
    < 3.2\(2f\)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2022-20858CRITICAL9.8ten sam produkt

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute a...

CVE-2022-20857CRITICAL9.8ten sam produkt

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute a...

CVE-2022-20861CRITICAL9.8ten sam produkt

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute a...

CVE-2024-20281HIGH7.5ten sam produkt

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hoste...

CVE-2023-20014HIGH7.5ten sam produkt

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, rem...