
Cisco has issued security advisories for two high-severity vulnerabilities—one in the Cisco Integrated Management Controller (IMC) and the other in the Nexus Dashboard Fabric Controller (NDFC)—both posing serious risks to enterprise infrastructure. The flaws, tracked as CVE-2025-20261 (CVSS 8.8) and CVE-2025-20163 (CVSS 8.7), impact a wide range of UCS and Nexus products used in data centers, cloud environments, and edge deployments.
CVE-2025-20261: Privilege Escalation via SSH on Cisco UCS IMC (CVSS 8.8)
A vulnerability in the SSH connection handling of Cisco IMC could allow an authenticated remote attacker to gain elevated privileges and modify system configurations.
“A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device,” the advisory explains.
This vulnerability affects the following Cisco products if they are running a vulnerable software release and they accept incoming SSH connections to the Cisco IMC:
- UCS B-Series, C-Series, S-Series, and X-Series Servers
- Cisco appliances built on UCS platforms:
  - APIC, Catalyst Center, Secure Endpoint, HyperFlex, Meeting Server 1000, Telemetry Broker, and others.
Mitigation includes disabling SSH or Serial-over-LAN (SoL) where applicable. Affected systems should be upgraded to patched firmware versions such as 4.1(3n), 4.2(3k), or 5.2(2.240073) depending on server mode.
CVE-2025-20163: SSH Host Key Validation Vulnerability in Cisco NDFC (CVSS 8.7)
The second issue affects the Cisco Nexus Dashboard Fabric Controller (NDFC), formerly known as DCNM. This flaw allows unauthenticated remote attackers to impersonate managed devices by exploiting insufficient SSH host key validation.
“A successful exploit could allow the attacker to impersonate a managed device and capture user credentials,” the advisory warns.
By performing a machine-in-the-middle (MitM) attack on SSH sessions, an attacker could intercept or manipulate communications between NDFC and its managed devices.
Cisco has addressed this in Nexus Dashboard release 3.2(2f). Earlier versions, including legacy DCNM releases, are vulnerable and should be updated promptly.
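The class of weakness behind CVE-2025-20163 can be shown with a short added example (not Cisco's code and not taken from the advisory): an SSH client that accepts any presented host key, next to one that compares the key's fingerprint with a pinned value. The host names, key bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def make_blob(key_type: str, raw: bytes) -> bytes:
    """Build an SSH wire-format public key blob (constructed sample data)."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw)) + raw

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(blob: bytes) -> str:
    """Read the length-prefixed key type string at the start of the blob."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def lenient_check(host, blob, pinned):
    """Weak pattern: any presented key is accepted, so an impostor passes."""
    return "accept"

def strict_check(host, blob, pinned):
    """Accept only a key whose fingerprint matches the pin recorded for host."""
    expected = pinned.get(host)
    if expected is None:
        return "reject-unknown-host"   # no silent trust on first use
    try:
        blob_key_type(blob)
    except ValueError:                 # also covers a non-ASCII type string
        return "reject-malformed"
    if hmac.compare_digest(fingerprint(blob).encode(), expected.encode()):
        return "accept"
    return "reject-mismatch"           # possible machine-in-the-middle

# Constructed sample data: one managed device and an impostor's key.
HOST = "leaf-01.example.net"           # hypothetical device name
REAL_KEY = make_blob("ssh-ed25519", bytes(range(32)))
ROGUE_KEY = make_blob("ssh-ed25519", bytes(range(1, 33)))
PINNED = {HOST: fingerprint(REAL_KEY)}

if __name__ == "__main__":
    for label, key in (("real", REAL_KEY), ("rogue", ROGUE_KEY)):
        print(label, lenient_check(HOST, key, PINNED), strict_check(HOST, key, PINNED))
```

A `reject-mismatch` result for a device whose key was not deliberately rotated is worth logging and alerting on, since it is the observable sign of an interception attempt.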
Cisco’s Product Security Incident Response Team (PSIRT) notes: “The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability.”
However, given the access level these components provide, organizations should treat these as critical patch priorities.