CVE-2025-20292
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-08-29
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | nx-os | * |
| cisco | ucs_manager | * |
| cisco | ucs_x-series_direct_fabric_interconnect | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a command injection flaw in the CLI of Cisco NX-OS Software. An authenticated local attacker with valid user credentials can exploit insufficient validation of user input in certain CLI commands to inject crafted commands. This allows the attacker to execute arbitrary commands on the underlying operating system with the privileges of the non-root user running the CLI, enabling reading and writing files within those permissions. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an authenticated local attacker to execute arbitrary commands on the device's operating system with non-root user privileges. This could lead to unauthorized reading and modification of files accessible to that user, potentially compromising device integrity and confidentiality within the scope of those permissions. However, it does not allow root-level access or affect system availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network detection methods provided for this vulnerability. Detection primarily involves verifying if your device is running affected software versions. Cisco recommends using the Cisco Software Checker tool to identify affected software releases and the earliest fixed releases. Since exploitation requires valid user credentials and local access, monitoring for unusual CLI command usage or unauthorized access attempts may help, but no explicit detection commands are provided. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade affected Cisco NX-OS software to the fixed software releases provided by Cisco. Customers should consult Cisco Security Advisories and use the Cisco Software Checker tool to identify if their software version is vulnerable and then upgrade accordingly. There are no known workarounds. Additionally, verifying hardware and software compatibility before upgrading and contacting Cisco TAC for assistance is recommended. [1]