CVE-2025-20111

Summary

A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco NX-OS Software9.3(2)affected
CiscoCisco NX-OS Software9.3(1)affected
CiscoCisco NX-OS Software9.3(1z)affected
CiscoCisco NX-OS Software9.3(3)affected
CiscoCisco NX-OS Software9.3(4)affected
CiscoCisco NX-OS Software9.3(5)affected
CiscoCisco NX-OS Software9.3(6)affected
CiscoCisco NX-OS Software10.1(2)affected
CiscoCisco NX-OS Software10.1(1)affected
CiscoCisco NX-OS Software9.3(5w)affected
CiscoCisco NX-OS Software9.3(7)affected
CiscoCisco NX-OS Software9.3(7k)affected
CiscoCisco NX-OS Software10.2(1)affected
CiscoCisco NX-OS Software9.3(7a)affected
CiscoCisco NX-OS Software9.3(8)affected
CiscoCisco NX-OS Software10.2(1q)affected
CiscoCisco NX-OS Software10.2(2)affected
CiscoCisco NX-OS Software9.3(9)affected
CiscoCisco NX-OS Software10.1(2t)affected
CiscoCisco NX-OS Software10.2(3)affected
CiscoCisco NX-OS Software10.2(3t)affected
CiscoCisco NX-OS Software9.3(10)affected
CiscoCisco NX-OS Software10.2(2a)affected
CiscoCisco NX-OS Software10.3(1)affected
CiscoCisco NX-OS Software10.2(4)affected
CiscoCisco NX-OS Software10.3(2)affected
CiscoCisco NX-OS Software9.3(11)affected
CiscoCisco NX-OS Software10.3(3)affected
CiscoCisco NX-OS Software10.2(5)affected
CiscoCisco NX-OS Software9.3(12)affected
CiscoCisco NX-OS Software10.2(3v)affected
CiscoCisco NX-OS Software10.4(1)affected
CiscoCisco NX-OS Software10.3(99w)affected
CiscoCisco NX-OS Software10.2(6)affected
CiscoCisco NX-OS Software10.3(3w)affected
CiscoCisco NX-OS Software10.3(99x)affected
CiscoCisco NX-OS Software10.3(3o)affected
CiscoCisco NX-OS Software10.3(4)affected
CiscoCisco NX-OS Software10.3(3p)affected
CiscoCisco NX-OS Software10.3(4a)affected
CiscoCisco NX-OS Software10.4(2)affected
CiscoCisco NX-OS Software10.3(3q)affected
CiscoCisco NX-OS Software9.3(13)affected
CiscoCisco NX-OS Software10.3(5)affected
CiscoCisco NX-OS Software10.2(7)affected
CiscoCisco NX-OS Software10.4(3)affected
CiscoCisco NX-OS Software10.3(3x)affected
CiscoCisco NX-OS Software10.3(4g)affected
CiscoCisco NX-OS Software10.5(1)affected
CiscoCisco NX-OS Software10.2(8)affected
CiscoCisco NX-OS Software10.3(3r)affected
CiscoCisco NX-OS Software9.3(14)affected
CiscoCisco NX-OS Software10.3(4h)affected

Weaknesses

  • CWE-1220: Insufficient Granularity of Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References