CVE-2025-20163

Summary

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices.

This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Data Center Network Manager11.2(1)affected
CiscoCisco Data Center Network Manager7.0(2)affected
CiscoCisco Data Center Network Manager10.3(2)IPFMaffected
CiscoCisco Data Center Network Manager10.1(1)affected
CiscoCisco Data Center Network Manager7.2(3)affected
CiscoCisco Data Center Network Manager7.2(2)affected
CiscoCisco Data Center Network Manager7.2(1)affected
CiscoCisco Data Center Network Manager11.0(1)affected
CiscoCisco Data Center Network Manager10.4(1)affected
CiscoCisco Data Center Network Manager10.2(1)affected
CiscoCisco Data Center Network Manager7.2(2a)affected
CiscoCisco Data Center Network Manager10.1(2)affected
CiscoCisco Data Center Network Manager7.1(1)affected
CiscoCisco Data Center Network Manager12.1(1)affected
CiscoCisco Data Center Network Manager11.1(1)affected
CiscoCisco Data Center Network Manager10.3(1)affected
CiscoCisco Data Center Network Manager10.3(1)R(1)affected
CiscoCisco Data Center Network Manager7.0(1)affected
CiscoCisco Data Center Network Manager10.0(1)affected
CiscoCisco Data Center Network Manager7.1(2)affected
CiscoCisco Data Center Network Manager11.4(1)affected
CiscoCisco Data Center Network Manager10.4(2)affected
CiscoCisco Data Center Network Manager11.3(1)affected
CiscoCisco Data Center Network Manager11.5(1)affected
CiscoCisco Data Center Network Manager11.5(2)affected
CiscoCisco Data Center Network Manager11.5(3)affected
CiscoCisco Data Center Network Manager12.0.1aaffected
CiscoCisco Data Center Network Manager11.5(3a)affected
CiscoCisco Data Center Network Manager12.0.2daffected
CiscoCisco Data Center Network Manager12.0.2faffected
CiscoCisco Data Center Network Manager11.5(4)affected
CiscoCisco Data Center Network Manager12.1.1affected
CiscoCisco Data Center Network Manager12.1.1eaffected
CiscoCisco Data Center Network Manager12.1.1paffected
CiscoCisco Data Center Network Manager12.1.2eaffected
CiscoCisco Data Center Network Manager12.1.2paffected
CiscoCisco Data Center Network Manager12.1.3baffected
CiscoCisco Data Center Network Manager12.2.1affected
CiscoCisco Data Center Network Manager12.2.2affected
CiscoCisco Nexus Dashboard3.1(1k)affected
CiscoCisco Nexus Dashboard3.1(1l)affected
CiscoCisco Nexus Dashboard3.2(1e)affected
CiscoCisco Nexus Dashboard3.2(1i)affected
CiscoCisco Nexus Dashboard3.3(1a)affected
CiscoCisco Nexus Dashboard3.3(1b)affected
CiscoCisco Nexus Dashboard3.3(2b)affected
CiscoCisco Nexus Dashboard4.0(1i)affected
CiscoCisco Nexus Dashboard3.3(2g)affected

Weaknesses

  • CWE-322: Key Exchange without Entity Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References