
=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN553
_____________________________________________________________________

DATE                : 28/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running
                     Cisco Integrated Management Controller,
                     Cisco Nexus 3000 and 9000 Series Switches software,
                     Cisco Nexus Dashboard,
                     Cisco UCS Manager Software,
                     Cisco NX-OS Software,
                     Cisco Nexus Dashboard and Nexus Dashboard Fabric
                     Controller.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2025-August-27.

The following PSIRT security advisories (2 High, 8 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Integrated Management Controller Virtual Keyboard Video
Monitor Open Redirect Vulnerability - SIR: High

2) Cisco Nexus 3000 and 9000 Series Switches Intermediate
System-to-Intermediate System Denial of Service Vulnerability
- SIR: High

3) Cisco Nexus Dashboard Path Traversal Vulnerability - SIR: Medium

4) Cisco UCS Manager Software Command Injection Vulnerabilities
- SIR: Medium

5) Cisco NX-OS Software Sensitive Log Information Disclosure
Vulnerability - SIR: Medium

6) Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
Unauthorized REST API Vulnerabilities - SIR: Medium

7) Cisco Integrated Management Controller Virtual Keyboard Video
Monitor Stored Cross-Site Scripting Vulnerability - SIR: Medium

8) Cisco UCS Manager Software Stored Cross-Site Scripting
Vulnerability - SIR: Medium

9) Cisco Nexus 3000 and 9000 Series Switches Protocol Independent
Multicast Version 6 Denial of Service Vulnerability - SIR: Medium

10) Cisco NX-OS Software Command Injection Vulnerability -
SIR: Medium

+--------------------------------------------------------------------

1) Cisco Integrated Management Controller Virtual Keyboard Video
Monitor Open Redirect Vulnerability

CVE-2025-20317

SIR: High

CVSS Score v(3.1): 7.1

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK

+--------------------------------------------------------------------

2) Cisco Nexus 3000 and 9000 Series Switches Intermediate
System-to-Intermediate System Denial of Service Vulnerability

CVE-2025-20241

SIR: High

CVSS Score v(3.1): 7.4

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n39k-isis-dos-JhJA8Rfx

+--------------------------------------------------------------------

3) Cisco Nexus Dashboard Path Traversal Vulnerability

CVE-2025-20344

SIR: Medium

CVSS Score v(3.1): 6.5

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ptrs-XU2Fm2Wb

+--------------------------------------------------------------------

4) Cisco UCS Manager Software Command Injection Vulnerabilities

CVE-2025-20294, CVE-2025-20295

SIR: Medium

CVSS Score v(3.1): 6.5

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-multi-cmdinj-E4Ukjyrz

+--------------------------------------------------------------------

5) Cisco NX-OS Software Sensitive Log Information Disclosure
Vulnerability

CVE-2025-20290

SIR: Medium

CVSS Score v(3.1): 5.5

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-infodis-TEcTYSFG

+--------------------------------------------------------------------

6) Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
Unauthorized REST API Vulnerabilities

CVE-2025-20347, CVE-2025-20348

SIR: Medium

CVSS Score v(3.1): 5.4

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nshs-urapi-gJuBVFpu

+--------------------------------------------------------------------

7) Cisco Integrated Management Controller Virtual Keyboard
Video Monitor Stored Cross-Site Scripting Vulnerability

CVE-2025-20342

SIR: Medium

CVSS Score v(3.1): 5.4

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-kvmsxss-6h7AnUyk

+--------------------------------------------------------------------

8) Cisco UCS Manager Software Stored Cross-Site Scripting
Vulnerability

CVE-2025-20296

SIR: Medium

CVSS Score v(3.0): 5.4

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-xss-Ey6XhyPS

+--------------------------------------------------------------------

9) Cisco Nexus 3000 and 9000 Series Switches Protocol Independent
Multicast Version 6 Denial of Service Vulnerability

CVE-2025-20262

SIR: Medium

CVSS Score v(3.1): 5.0

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxospc-pim6-vG4jFPh

+--------------------------------------------------------------------

10) Cisco NX-OS Software Command Injection Vulnerability

CVE-2025-20292

SIR: Medium

CVSS Score v(3.1): 4.4

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-qhNze5Ss


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
