Summary: Cisco has patched multiple vulnerabilities in its Nexus switches, including high-severity command injection and denial-of-service (DoS) issues affecting the Nexus 3000 and 9000 series. The updates address significant risks where authenticated attackers could exploit the vulnerabilities to execute commands or cause device reboots. No known exploits have been reported yet, but these vulnerabilities may pose risks given Ciscoโs history of being targeted by threat actors.
Affected: Cisco Nexus 3000 and 9000 series switches, Cisco Application Policy Infrastructure Controller (APIC)
Keypoints :
- High-severity vulnerability CVE-2025-20111 in Nexus switches allows DoS attacks via crafted Ethernet frames.
- Medium-severity command injection vulnerability enables attackers with admin credentials to execute arbitrary commands.
- Four medium-severity flaws in Ciscoโs APIC can lead to XSS attacks, DoS, and sensitive information access requiring admin credentials.
- No exploits are currently known, but Cisco vulnerabilities have a history of being targeted by threat actors.
Source: https://www.securityweek.com/cisco-patches-vulnerabilities-in-nexus-switches/