Cisco Nexus Dashboard Vulnerability Lets Attackers Impersonate as Managed Devices
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A high-severity vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC) that could allow unauthenticated attackers to impersonate managed network devices through compromised SSH connections.
The vulnerability, tracked as CVE-2025-20163, carries a CVSS base score of 8.7 and affects all versions of Cisco NDFC regardless of device configuration.
Security researchers from REQON B.V. identified the flaw, which stems from insufficient SSH host key validation mechanisms within the NDFC infrastructure.
Cisco NDFC SSH Vulnerability
The vulnerability exploits a fundamental weakness in the SSH implementation of Cisco NDFC, specifically related to CWE-322 (key exchange without entity authentication).
The affected system fails to properly validate SSH host keys during connection establishment, creating an opportunity for malicious actors to conduct machine-in-the-middle (MITM) attacks.
The technical classification CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:X/RL:X/RC:X indicates that while the attack complexity is high, it requires no user interaction and can be executed remotely without prior authentication.
Cisco NDFC, previously known as Data Center Network Manager (DCNM) in releases 11.5 and earlier, serves as a centralized management platform for data center network fabrics.
The vulnerability is catalogued under Cisco Bug ID CSCwm50501 and affects the core SSH communication protocols that NDFC uses to manage network devices.
The flaw allows attackers to position themselves between the NDFC controller and managed devices, potentially intercepting and manipulating network management traffic.
The exploitation of this vulnerability enables attackers to perform sophisticated impersonation attacks against Cisco NDFC-managed devices.
This positioning allows attackers to capture sensitive user credentials, intercept configuration changes, and potentially inject malicious commands into the network management workflow.
The machine-in-the-middle attack vector poses significant risks to enterprise network security, as compromised credentials could lead to broader network compromise.
Attackers successfully exploiting this vulnerability could gain unauthorized access to critical network infrastructure components, modify device configurations, or establish persistent backdoors within the managed network environment.
Risk Factors Details Affected ProductsNDFC all versions prior to 12.2.3, including releases previously branded as Cisco Data Center Network Manager (DCNM) 11.5 and earlier.ImpactEnables device impersonation attacksExploit Prerequisites– Network access to SSH communication channels between NDFC and managed devices- Capability to perform machine-in-the-middle (MITM) attacks on TCP port 22 traffic.CVSS 3.1 Score8.7 (High)
Mitigations
Cisco has released comprehensive software updates to address this vulnerability, with no available workarounds for affected systems.
Organizations running vulnerable versions must migrate to Cisco Nexus Dashboard Release 3.2(2f), which includes NDFC Release 12.2.3 containing the necessary security fixes.
The remediation introduces a new SSH host key verification feature that remains disabled by default to maintain backward compatibility with existing deployments.
For customers using Cisco Nexus Dashboard Release 3.1, immediate migration to the fixed release is required, as no patch is available for this version.
The fix implements enhanced SSH host key validation mechanisms that prevent unauthorized device impersonation attempts.
Network administrators should consult the SSH Host Key Mismatch section of the Overview and Initial Setup of Cisco NDFC documentation for proper configuration guidance.
Organizations should prioritize this update given the high CVSS score and potential for credential compromise. Cisco plans to enable the new SSH host key verification feature by default in future releases, emphasizing the critical nature of this security enhancement.
#Cisco #Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Cisco Nexus Dashboard Vulnerability Lets Attackers Impersonate as Managed Devices
Author: KaaviyaA high-severity vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC) that could allow unauthenticated attackers to impersonate managed network devices through compromised SSH connections.
The vulnerability, tracked as CVE-2025-20163, carries a CVSS base score of 8.7 and affects all versions of Cisco NDFC regardless of device configuration.
Security researchers from REQON B.V. identified the flaw, which stems from insufficient SSH host key validation mechanisms within the NDFC infrastructure.
Cisco NDFC SSH Vulnerability
The vulnerability exploits a fundamental weakness in the SSH implementation of Cisco NDFC, specifically related to CWE-322 (key exchange without entity authentication).
The affected system fails to properly validate SSH host keys during connection establishment, creating an opportunity for malicious actors to conduct machine-in-the-middle (MITM) attacks.
The technical classification CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:X/RL:X/RC:X indicates that while the attack complexity is high, it requires no user interaction and can be executed remotely without prior authentication.
Cisco NDFC, previously known as Data Center Network Manager (DCNM) in releases 11.5 and earlier, serves as a centralized management platform for data center network fabrics.
The vulnerability is catalogued under Cisco Bug ID CSCwm50501 and affects the core SSH communication protocols that NDFC uses to manage network devices.
The flaw allows attackers to position themselves between the NDFC controller and managed devices, potentially intercepting and manipulating network management traffic.
The exploitation of this vulnerability enables attackers to perform sophisticated impersonation attacks against Cisco NDFC-managed devices.
This positioning allows attackers to capture sensitive user credentials, intercept configuration changes, and potentially inject malicious commands into the network management workflow.
The machine-in-the-middle attack vector poses significant risks to enterprise network security, as compromised credentials could lead to broader network compromise.
Attackers successfully exploiting this vulnerability could gain unauthorized access to critical network infrastructure components, modify device configurations, or establish persistent backdoors within the managed network environment.
Risk Factors Details Affected ProductsNDFC all versions prior to 12.2.3, including releases previously branded as Cisco Data Center Network Manager (DCNM) 11.5 and earlier.ImpactEnables device impersonation attacksExploit Prerequisites– Network access to SSH communication channels between NDFC and managed devices- Capability to perform machine-in-the-middle (MITM) attacks on TCP port 22 traffic.CVSS 3.1 Score8.7 (High)
Mitigations
Cisco has released comprehensive software updates to address this vulnerability, with no available workarounds for affected systems.
Organizations running vulnerable versions must migrate to Cisco Nexus Dashboard Release 3.2(2f), which includes NDFC Release 12.2.3 containing the necessary security fixes.
The remediation introduces a new SSH host key verification feature that remains disabled by default to maintain backward compatibility with existing deployments.
For customers using Cisco Nexus Dashboard Release 3.1, immediate migration to the fixed release is required, as no patch is available for this version.
The fix implements enhanced SSH host key validation mechanisms that prevent unauthorized device impersonation attempts.
Network administrators should consult the SSH Host Key Mismatch section of the Overview and Initial Setup of Cisco NDFC documentation for proper configuration guidance.
Organizations should prioritize this update given the high CVSS score and potential for credential compromise. Cisco plans to enable the new SSH host key verification feature by default in future releases, emphasizing the critical nature of this security enhancement.
#Cisco #Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
