CVE-2025-20261 (GCVE-0-2025-20261)
Vulnerability from cvelistv5 – Published: 2025-06-04 16:17 – Updated: 2025-06-05 03:55
VLAI?
Summary
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.
This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.
Severity ?
8.8 (High)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.2(1k) Affected: 4.0(4n) Affected: 4.1(3h) Affected: 4.2(1l) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.3(4b) Affected: 4.3(2f) Affected: 4.1(3n) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T03:55:25.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.1(3n)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.1(3n)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\r\n\r\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T16:17:54.028Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM"
}
],
"source": {
"advisory": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"defects": [
"CSCwk24502"
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20261",
"datePublished": "2025-06-04T16:17:54.028Z",
"dateReserved": "2024-10-10T19:15:13.243Z",
"dateUpdated": "2025-06-05T03:55:25.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-20261\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2025-06-04T17:15:26.827\",\"lastModified\":\"2025-06-05T20:12:23.777\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\\r\\n\\r\\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la gesti\u00f3n de conexiones SSH de Cisco Integrated Management Controller (IMC) para servidores Cisco UCS serie B, UCS serie C, UCS serie S y UCS serie X podr\u00eda permitir que un atacante remoto autenticado acceda a servicios internos con privilegios elevados. Esta vulnerabilidad se debe a restricciones insuficientes de acceso a los servicios internos. Un atacante con una cuenta de usuario v\u00e1lida podr\u00eda explotar esta vulnerabilidad utilizando una sintaxis manipulada al conectarse a Cisco IMC de un dispositivo afectado mediante SSH. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a servicios internos con privilegios elevados, lo que podr\u00eda permitir modificaciones no autorizadas en el sistema, incluyendo la posibilidad de crear nuevas cuentas de administrador en el dispositivo afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-923\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM\",\"source\":\"psirt@cisco.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20261\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-04T18:13:10.333578Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-04T18:13:11.950Z\"}}], \"cna\": {\"title\": \"Cisco Integrated Management Controller Privilege Escalation Vulnerability\", \"source\": {\"defects\": [\"CSCwk24502\"], \"advisory\": \"cisco-sa-ucs-ssh-priv-esc-2mZDtdjM\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Computing System (Managed)\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0(1a)\"}, {\"status\": \"affected\", \"version\": \"3.2(3n)\"}, {\"status\": \"affected\", \"version\": \"4.1(1a)\"}, {\"status\": \"affected\", \"version\": \"4.1(1b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4h)\"}, {\"status\": \"affected\", \"version\": \"4.1(1c)\"}, {\"status\": \"affected\", \"version\": \"3.2(3k)\"}, {\"status\": \"affected\", \"version\": \"3.2(2c)\"}, {\"status\": \"affected\", \"version\": \"4.0(4e)\"}, {\"status\": \"affected\", \"version\": \"4.0(4g)\"}, {\"status\": \"affected\", \"version\": \"3.2(3i)\"}, {\"status\": \"affected\", \"version\": \"4.0(2e)\"}, {\"status\": \"affected\", \"version\": \"3.2(3g)\"}, {\"status\": \"affected\", \"version\": \"4.0(4a)\"}, {\"status\": \"affected\", \"version\": \"4.0(2d)\"}, {\"status\": \"affected\", \"version\": \"3.2(2d)\"}, {\"status\": \"affected\", \"version\": \"4.0(1b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4f)\"}, {\"status\": \"affected\", \"version\": \"3.2(3h)\"}, {\"status\": \"affected\", \"version\": \"3.2(2f)\"}, {\"status\": \"affected\", \"version\": \"4.0(4c)\"}, {\"status\": \"affected\", \"version\": \"3.2(3a)\"}, {\"status\": \"affected\", \"version\": \"4.0(1c)\"}, {\"status\": \"affected\", \"version\": \"3.2(3d)\"}, {\"status\": \"affected\", \"version\": \"3.2(2b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4b)\"}, {\"status\": \"affected\", \"version\": \"3.2(2e)\"}, {\"status\": \"affected\", \"version\": \"4.0(2b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4d)\"}, {\"status\": \"affected\", \"version\": \"3.2(1d)\"}, {\"status\": \"affected\", \"version\": \"3.2(3e)\"}, {\"status\": \"affected\", \"version\": \"3.2(3l)\"}, {\"status\": \"affected\", \"version\": \"3.2(3b)\"}, {\"status\": \"affected\", \"version\": \"4.0(2a)\"}, {\"status\": \"affected\", \"version\": \"3.2(3j)\"}, {\"status\": \"affected\", \"version\": \"4.0(1d)\"}, {\"status\": \"affected\", \"version\": \"3.2(3o)\"}, {\"status\": \"affected\", \"version\": \"4.0(4i)\"}, {\"status\": \"affected\", \"version\": \"4.1(1d)\"}, {\"status\": \"affected\", \"version\": \"4.1(2a)\"}, {\"status\": \"affected\", \"version\": \"4.1(1e)\"}, {\"status\": \"affected\", \"version\": \"3.2(3p)\"}, {\"status\": \"affected\", \"version\": \"4.1(2b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4k)\"}, {\"status\": \"affected\", \"version\": \"4.1(3a)\"}, {\"status\": \"affected\", \"version\": \"4.1(3b)\"}, {\"status\": \"affected\", \"version\": \"4.1(2c)\"}, {\"status\": \"affected\", \"version\": \"4.0(4l)\"}, {\"status\": \"affected\", \"version\": \"4.1(4a)\"}, {\"status\": \"affected\", \"version\": \"4.1(3c)\"}, {\"status\": \"affected\", \"version\": \"4.1(3d)\"}, {\"status\": \"affected\", \"version\": \"4.2(1c)\"}, {\"status\": \"affected\", \"version\": \"4.2(1d)\"}, {\"status\": \"affected\", \"version\": \"4.0(4m)\"}, {\"status\": \"affected\", \"version\": \"4.1(3e)\"}, {\"status\": \"affected\", \"version\": \"4.2(1f)\"}, {\"status\": \"affected\", \"version\": \"4.1(3f)\"}, {\"status\": \"affected\", \"version\": \"4.2(1i)\"}, {\"status\": \"affected\", \"version\": \"4.2(1k)\"}, {\"status\": \"affected\", \"version\": \"4.0(4n)\"}, {\"status\": \"affected\", \"version\": \"4.1(3h)\"}, {\"status\": \"affected\", \"version\": \"4.2(1l)\"}, {\"status\": \"affected\", \"version\": \"4.2(1m)\"}, {\"status\": \"affected\", \"version\": \"4.1(3i)\"}, {\"status\": \"affected\", \"version\": \"4.2(2a)\"}, {\"status\": \"affected\", \"version\": \"4.2(1n)\"}, {\"status\": \"affected\", \"version\": \"4.1(3j)\"}, {\"status\": \"affected\", \"version\": \"4.2(2c)\"}, {\"status\": \"affected\", \"version\": \"4.2(2d)\"}, {\"status\": \"affected\", \"version\": \"4.2(3b)\"}, {\"status\": \"affected\", \"version\": \"4.1(3k)\"}, {\"status\": \"affected\", \"version\": \"4.0(4o)\"}, {\"status\": \"affected\", \"version\": \"4.2(2e)\"}, {\"status\": \"affected\", \"version\": \"4.2(3d)\"}, {\"status\": \"affected\", \"version\": \"4.2(3e)\"}, {\"status\": \"affected\", \"version\": \"4.2(3g)\"}, {\"status\": \"affected\", \"version\": \"4.1(3l)\"}, {\"status\": \"affected\", \"version\": \"4.3(2b)\"}, {\"status\": \"affected\", \"version\": \"4.2(3h)\"}, {\"status\": \"affected\", \"version\": \"4.2(3i)\"}, {\"status\": \"affected\", \"version\": \"4.3(2c)\"}, {\"status\": \"affected\", \"version\": \"4.1(3m)\"}, {\"status\": \"affected\", \"version\": \"4.3(2e)\"}, {\"status\": \"affected\", \"version\": \"4.3(3a)\"}, {\"status\": \"affected\", \"version\": \"4.2(3j)\"}, {\"status\": \"affected\", \"version\": \"4.3(3c)\"}, {\"status\": \"affected\", \"version\": \"4.3(4a)\"}, {\"status\": \"affected\", \"version\": \"4.3(4b)\"}, {\"status\": \"affected\", \"version\": \"4.3(2f)\"}, {\"status\": \"affected\", \"version\": \"4.1(3n)\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Computing System (Standalone)\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0(2g)\"}, {\"status\": \"affected\", \"version\": \"3.1(2i)\"}, {\"status\": \"affected\", \"version\": \"3.1(1d)\"}, {\"status\": \"affected\", \"version\": \"4.0(4i)\"}, {\"status\": \"affected\", \"version\": \"4.1(1c)\"}, {\"status\": \"affected\", \"version\": \"4.0(2c)\"}, {\"status\": \"affected\", \"version\": \"4.0(1e)\"}, {\"status\": \"affected\", \"version\": \"4.0(2h)\"}, {\"status\": \"affected\", \"version\": \"4.0(4h)\"}, {\"status\": \"affected\", \"version\": \"4.0(1h)\"}, {\"status\": \"affected\", \"version\": \"4.0(2l)\"}, {\"status\": \"affected\", \"version\": \"3.1(3g)\"}, {\"status\": \"affected\", \"version\": \"4.0(1.240)\"}, {\"status\": \"affected\", \"version\": \"4.0(2f)\"}, {\"status\": \"affected\", \"version\": \"4.0(1g)\"}, {\"status\": \"affected\", \"version\": \"4.0(2i)\"}, {\"status\": \"affected\", \"version\": \"3.1(3i)\"}, {\"status\": \"affected\", \"version\": \"4.0(4d)\"}, {\"status\": \"affected\", \"version\": \"4.1(1d)\"}, {\"status\": \"affected\", \"version\": \"3.1(3c)\"}, {\"status\": \"affected\", \"version\": \"4.0(4k)\"}, {\"status\": \"affected\", \"version\": \"3.1(2d)\"}, {\"status\": \"affected\", \"version\": \"3.1(3a)\"}, {\"status\": \"affected\", \"version\": \"3.1(3j)\"}, {\"status\": \"affected\", \"version\": \"4.0(2d)\"}, {\"status\": \"affected\", \"version\": \"4.1(1f)\"}, {\"status\": \"affected\", \"version\": \"4.0(4j)\"}, {\"status\": \"affected\", \"version\": \"4.0(2m)\"}, {\"status\": \"affected\", \"version\": \"4.0(2k)\"}, {\"status\": \"affected\", \"version\": \"4.0(1c)\"}, {\"status\": \"affected\", \"version\": \"4.0(4f)\"}, {\"status\": \"affected\", \"version\": \"4.0(4c)\"}, {\"status\": \"affected\", \"version\": \"3.1(3d)\"}, {\"status\": \"affected\", \"version\": \"3.1(2g)\"}, {\"status\": \"affected\", \"version\": \"3.1(2c)\"}, {\"status\": \"affected\", \"version\": \"4.0(1d)\"}, {\"status\": \"affected\", \"version\": \"3.1(2e)\"}, {\"status\": \"affected\", \"version\": \"4.0(1a)\"}, {\"status\": \"affected\", \"version\": \"4.0(1b)\"}, {\"status\": \"affected\", \"version\": \"3.1(3b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4b)\"}, {\"status\": \"affected\", \"version\": \"3.1(2b)\"}, {\"status\": \"affected\", \"version\": \"4.0(4e)\"}, {\"status\": \"affected\", \"version\": \"3.1(3h)\"}, {\"status\": \"affected\", \"version\": \"4.0(4l)\"}, {\"status\": \"affected\", \"version\": \"4.1(1g)\"}, {\"status\": \"affected\", \"version\": \"4.1(2a)\"}, {\"status\": \"affected\", \"version\": \"4.0(2n)\"}, {\"status\": \"affected\", \"version\": \"4.1(1h)\"}, {\"status\": \"affected\", \"version\": \"3.1(3k)\"}, {\"status\": \"affected\", \"version\": \"4.1(2b)\"}, {\"status\": \"affected\", \"version\": \"4.0(2o)\"}, {\"status\": \"affected\", \"version\": \"4.0(4m)\"}, {\"status\": \"affected\", \"version\": \"4.1(2d)\"}, {\"status\": \"affected\", \"version\": \"4.1(3b)\"}, {\"status\": \"affected\", \"version\": \"4.0(2p)\"}, {\"status\": \"affected\", \"version\": \"4.1(2e)\"}, {\"status\": \"affected\", \"version\": \"4.1(2f)\"}, {\"status\": \"affected\", \"version\": \"4.0(4n)\"}, {\"status\": \"affected\", \"version\": \"4.0(2q)\"}, {\"status\": \"affected\", \"version\": \"4.1(3c)\"}, {\"status\": \"affected\", \"version\": \"4.0(2r)\"}, {\"status\": \"affected\", \"version\": \"4.1(3d)\"}, {\"status\": \"affected\", \"version\": \"4.1(2g)\"}, {\"status\": \"affected\", \"version\": \"4.1(2h)\"}, {\"status\": \"affected\", \"version\": \"4.1(3g)\"}, {\"status\": \"affected\", \"version\": \"4.1(3f)\"}, {\"status\": \"affected\", \"version\": \"4.1(2j)\"}, {\"status\": \"affected\", \"version\": \"4.1(2k)\"}, {\"status\": \"affected\", \"version\": \"4.1(3h)\"}, {\"status\": \"affected\", \"version\": \"4.2(2a)\"}, {\"status\": \"affected\", \"version\": \"4.1(3i)\"}, {\"status\": \"affected\", \"version\": \"4.1(3l)\"}, {\"status\": \"affected\", \"version\": \"4.2(1e)\"}, {\"status\": \"affected\", \"version\": \"4.2(1b)\"}, {\"status\": \"affected\", \"version\": \"4.2(1j)\"}, {\"status\": \"affected\", \"version\": \"4.2(1i)\"}, {\"status\": \"affected\", \"version\": \"4.2(1f)\"}, {\"status\": \"affected\", \"version\": \"4.2(1a)\"}, {\"status\": \"affected\", \"version\": \"4.2(1c)\"}, {\"status\": \"affected\", \"version\": \"4.2(1g)\"}, {\"status\": \"affected\", \"version\": \"4.1(2l)\"}, {\"status\": \"affected\", \"version\": \"4.1(3m)\"}, {\"status\": \"affected\", \"version\": \"4.1(2m)\"}, {\"status\": \"affected\", \"version\": \"4.1(3n)\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM\", \"name\": \"cisco-sa-ucs-ssh-priv-esc-2mZDtdjM\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\\r\\n\\r\\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-923\", \"description\": \"Improper Restriction of Communication Channel to Intended Endpoints\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-06-04T16:17:54.028Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-20261\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-05T03:55:25.213Z\", \"dateReserved\": \"2024-10-10T19:15:13.243Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-06-04T16:17:54.028Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…