Vulnerability-Lookup

BDU:2025-08247

Vulnerability from fstec - Published: 24.06.2025

Title

Уязвимость реализации протокола SSH унифицированной системы управления Cisco Unified Computing System серверов Cisco UCS B-Series, Managed C-Series и X-Series, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость реализации протокола SSH унифицированной системы управления Cisco Unified Computing System серверов Cisco UCS B-Series, Managed C-Series и X-Series связана с недостаточным ограничением канала связи для заданных конечных точек. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

Unified Computing System

Software Version

от 4.3 до 4.3(4d) (Unified Computing System), от 4.3 до 4.3(4a) (Unified Computing System), от 4.2 до 4.2(3j) (Unified Computing System), от 4.2 до 4.2(3m) (Unified Computing System), от 4.3 до 4.3(4.240152) (M6, M7) (Unified Computing System), от 4.3 до 4.3(2.240090) (M5) (Unified Computing System), от 5.0 до 5.0(4g) (Unified Computing System), от 5.1 до 5.2(2.240051) (Unified Computing System), от 5.1 до 5.2(2.240053) (Unified Computing System)

Possible Mitigations

Использование рекомендаций производителя: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM

CWE

CWE-923

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 4.3 \u0434\u043e 4.3(4d) (Unified Computing System), \u043e\u0442 4.3 \u0434\u043e 4.3(4a) (Unified Computing System), \u043e\u0442 4.2 \u0434\u043e 4.2(3j) (Unified Computing System), \u043e\u0442 4.2 \u0434\u043e 4.2(3m) (Unified Computing System), \u043e\u0442 4.3 \u0434\u043e 4.3(4.240152) (M6, M7) (Unified Computing System), \u043e\u0442 4.3 \u0434\u043e 4.3(2.240090) (M5) (Unified Computing System), \u043e\u0442 5.0 \u0434\u043e 5.0(4g) (Unified Computing System), \u043e\u0442 5.1 \u0434\u043e 5.2(2.240051) (Unified Computing System), \u043e\u0442 5.1 \u0434\u043e 5.2(2.240053) (Unified Computing System)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.07.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.07.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08247",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-20261",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Unified Computing System",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SSH \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Cisco Unified Computing System \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Cisco UCS B-Series, Managed C-Series \u0438 X-Series, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u043a\u0430\u043d\u0430\u043b\u0430 \u0441\u0432\u044f\u0437\u0438 \u0434\u043b\u044f \u0437\u0430\u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a (CWE-923)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 SSH \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Cisco Unified Computing System \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Cisco UCS B-Series, Managed C-Series \u0438 X-Series \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u043a\u0430\u043d\u0430\u043b\u0430 \u0441\u0432\u044f\u0437\u0438 \u0434\u043b\u044f \u0437\u0430\u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-923",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CVE-2025-20261 (GCVE-0-2025-20261)

Vulnerability from cvelistv5 – Published: 2025-06-04 16:17 – Updated: 2026-02-26 18:27

Title

Cisco Integrated Management Controller Privilege Escalation Vulnerability

Summary

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco Unified Computing System (Managed)

Affected: 4.0(1a)
Affected: 3.2(3n)
Affected: 4.1(1a)
Affected: 4.1(1b)
Affected: 4.0(4h)
Affected: 4.1(1c)
Affected: 3.2(3k)
Affected: 3.2(2c)
Affected: 4.0(4e)
Affected: 4.0(4g)
Affected: 3.2(3i)
Affected: 4.0(2e)
Affected: 3.2(3g)
Affected: 4.0(4a)
Affected: 4.0(2d)
Affected: 3.2(2d)
Affected: 4.0(1b)
Affected: 4.0(4f)
Affected: 3.2(3h)
Affected: 3.2(2f)
Affected: 4.0(4c)
Affected: 3.2(3a)
Affected: 4.0(1c)
Affected: 3.2(3d)
Affected: 3.2(2b)
Affected: 4.0(4b)
Affected: 3.2(2e)
Affected: 4.0(2b)
Affected: 4.0(4d)
Affected: 3.2(1d)
Affected: 3.2(3e)
Affected: 3.2(3l)
Affected: 3.2(3b)
Affected: 4.0(2a)
Affected: 3.2(3j)
Affected: 4.0(1d)
Affected: 3.2(3o)
Affected: 4.0(4i)
Affected: 4.1(1d)
Affected: 4.1(2a)
Affected: 4.1(1e)
Affected: 3.2(3p)
Affected: 4.1(2b)
Affected: 4.0(4k)
Affected: 4.1(3a)
Affected: 4.1(3b)
Affected: 4.1(2c)
Affected: 4.0(4l)
Affected: 4.1(4a)
Affected: 4.1(3c)
Affected: 4.1(3d)
Affected: 4.2(1c)
Affected: 4.2(1d)
Affected: 4.0(4m)
Affected: 4.1(3e)
Affected: 4.2(1f)
Affected: 4.1(3f)
Affected: 4.2(1i)
Affected: 4.2(1k)
Affected: 4.0(4n)
Affected: 4.1(3h)
Affected: 4.2(1l)
Affected: 4.2(1m)
Affected: 4.1(3i)
Affected: 4.2(2a)
Affected: 4.2(1n)
Affected: 4.1(3j)
Affected: 4.2(2c)
Affected: 4.2(2d)
Affected: 4.2(3b)
Affected: 4.1(3k)
Affected: 4.0(4o)
Affected: 4.2(2e)
Affected: 4.2(3d)
Affected: 4.2(3e)
Affected: 4.2(3g)
Affected: 4.1(3l)
Affected: 4.3(2b)
Affected: 4.2(3h)
Affected: 4.2(3i)
Affected: 4.3(2c)
Affected: 4.1(3m)
Affected: 4.3(2e)
Affected: 4.3(3a)
Affected: 4.2(3j)
Affected: 4.3(3c)
Affected: 4.3(4a)
Affected: 4.3(4b)
Affected: 4.3(2f)
Affected: 4.1(3n)

Cisco

Cisco Unified Computing System (Standalone)

Affected: 4.0(2g)
Affected: 3.1(2i)
Affected: 3.1(1d)
Affected: 4.0(4i)
Affected: 4.1(1c)
Affected: 4.0(2c)
Affected: 4.0(1e)
Affected: 4.0(2h)
Affected: 4.0(4h)
Affected: 4.0(1h)
Affected: 4.0(2l)
Affected: 3.1(3g)
Affected: 4.0(1.240)
Affected: 4.0(2f)
Affected: 4.0(1g)
Affected: 4.0(2i)
Affected: 3.1(3i)
Affected: 4.0(4d)
Affected: 4.1(1d)
Affected: 3.1(3c)
Affected: 4.0(4k)
Affected: 3.1(2d)
Affected: 3.1(3a)
Affected: 3.1(3j)
Affected: 4.0(2d)
Affected: 4.1(1f)
Affected: 4.0(4j)
Affected: 4.0(2m)
Affected: 4.0(2k)
Affected: 4.0(1c)
Affected: 4.0(4f)
Affected: 4.0(4c)
Affected: 3.1(3d)
Affected: 3.1(2g)
Affected: 3.1(2c)
Affected: 4.0(1d)
Affected: 3.1(2e)
Affected: 4.0(1a)
Affected: 4.0(1b)
Affected: 3.1(3b)
Affected: 4.0(4b)
Affected: 3.1(2b)
Affected: 4.0(4e)
Affected: 3.1(3h)
Affected: 4.0(4l)
Affected: 4.1(1g)
Affected: 4.1(2a)
Affected: 4.0(2n)
Affected: 4.1(1h)
Affected: 3.1(3k)
Affected: 4.1(2b)
Affected: 4.0(2o)
Affected: 4.0(4m)
Affected: 4.1(2d)
Affected: 4.1(3b)
Affected: 4.0(2p)
Affected: 4.1(2e)
Affected: 4.1(2f)
Affected: 4.0(4n)
Affected: 4.0(2q)
Affected: 4.1(3c)
Affected: 4.0(2r)
Affected: 4.1(3d)
Affected: 4.1(2g)
Affected: 4.1(2h)
Affected: 4.1(3g)
Affected: 4.1(3f)
Affected: 4.1(2j)
Affected: 4.1(2k)
Affected: 4.1(3h)
Affected: 4.2(2a)
Affected: 4.1(3i)
Affected: 4.1(3l)
Affected: 4.2(1e)
Affected: 4.2(1b)
Affected: 4.2(1j)
Affected: 4.2(1i)
Affected: 4.2(1f)
Affected: 4.2(1a)
Affected: 4.2(1c)
Affected: 4.2(1g)
Affected: 4.1(2l)
Affected: 4.1(3m)
Affected: 4.1(2m)
Affected: 4.1(3n)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-05T03:55:25.941757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:27:36.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System (Managed)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "3.2(3n)"
            },
            {
              "status": "affected",
              "version": "4.1(1a)"
            },
            {
              "status": "affected",
              "version": "4.1(1b)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "3.2(3k)"
            },
            {
              "status": "affected",
              "version": "3.2(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "4.0(4g)"
            },
            {
              "status": "affected",
              "version": "3.2(3i)"
            },
            {
              "status": "affected",
              "version": "4.0(2e)"
            },
            {
              "status": "affected",
              "version": "3.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.0(4a)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "3.2(2d)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "3.2(3h)"
            },
            {
              "status": "affected",
              "version": "3.2(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "3.2(3a)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "3.2(3d)"
            },
            {
              "status": "affected",
              "version": "3.2(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "3.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.0(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "3.2(1d)"
            },
            {
              "status": "affected",
              "version": "3.2(3e)"
            },
            {
              "status": "affected",
              "version": "3.2(3l)"
            },
            {
              "status": "affected",
              "version": "3.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(2a)"
            },
            {
              "status": "affected",
              "version": "3.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "3.2(3o)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.1(1e)"
            },
            {
              "status": "affected",
              "version": "3.2(3p)"
            },
            {
              "status": "affected",
              "version": "4.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4k)"
            },
            {
              "status": "affected",
              "version": "4.1(3a)"
            },
            {
              "status": "affected",
              "version": "4.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.1(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(4l)"
            },
            {
              "status": "affected",
              "version": "4.1(4a)"
            },
            {
              "status": "affected",
              "version": "4.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.1(3d)"
            },
            {
              "status": "affected",
              "version": "4.2(1c)"
            },
            {
              "status": "affected",
              "version": "4.2(1d)"
            },
            {
              "status": "affected",
              "version": "4.0(4m)"
            },
            {
              "status": "affected",
              "version": "4.1(3e)"
            },
            {
              "status": "affected",
              "version": "4.2(1f)"
            },
            {
              "status": "affected",
              "version": "4.1(3f)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.2(1k)"
            },
            {
              "status": "affected",
              "version": "4.0(4n)"
            },
            {
              "status": "affected",
              "version": "4.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(1l)"
            },
            {
              "status": "affected",
              "version": "4.2(1m)"
            },
            {
              "status": "affected",
              "version": "4.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.2(2a)"
            },
            {
              "status": "affected",
              "version": "4.2(1n)"
            },
            {
              "status": "affected",
              "version": "4.1(3j)"
            },
            {
              "status": "affected",
              "version": "4.2(2c)"
            },
            {
              "status": "affected",
              "version": "4.2(2d)"
            },
            {
              "status": "affected",
              "version": "4.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.1(3k)"
            },
            {
              "status": "affected",
              "version": "4.0(4o)"
            },
            {
              "status": "affected",
              "version": "4.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(3d)"
            },
            {
              "status": "affected",
              "version": "4.2(3e)"
            },
            {
              "status": "affected",
              "version": "4.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.1(3l)"
            },
            {
              "status": "affected",
              "version": "4.3(2b)"
            },
            {
              "status": "affected",
              "version": "4.2(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(3i)"
            },
            {
              "status": "affected",
              "version": "4.3(2c)"
            },
            {
              "status": "affected",
              "version": "4.1(3m)"
            },
            {
              "status": "affected",
              "version": "4.3(2e)"
            },
            {
              "status": "affected",
              "version": "4.3(3a)"
            },
            {
              "status": "affected",
              "version": "4.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.3(3c)"
            },
            {
              "status": "affected",
              "version": "4.3(4a)"
            },
            {
              "status": "affected",
              "version": "4.3(4b)"
            },
            {
              "status": "affected",
              "version": "4.3(2f)"
            },
            {
              "status": "affected",
              "version": "4.1(3n)"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System (Standalone)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.0(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2i)"
            },
            {
              "status": "affected",
              "version": "3.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(1e)"
            },
            {
              "status": "affected",
              "version": "4.0(2h)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.0(1h)"
            },
            {
              "status": "affected",
              "version": "4.0(2l)"
            },
            {
              "status": "affected",
              "version": "3.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.0(1.240)"
            },
            {
              "status": "affected",
              "version": "4.0(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(1g)"
            },
            {
              "status": "affected",
              "version": "4.0(2i)"
            },
            {
              "status": "affected",
              "version": "3.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "3.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.0(4k)"
            },
            {
              "status": "affected",
              "version": "3.1(2d)"
            },
            {
              "status": "affected",
              "version": "3.1(3a)"
            },
            {
              "status": "affected",
              "version": "3.1(3j)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(1f)"
            },
            {
              "status": "affected",
              "version": "4.0(4j)"
            },
            {
              "status": "affected",
              "version": "4.0(2m)"
            },
            {
              "status": "affected",
              "version": "4.0(2k)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "3.1(3d)"
            },
            {
              "status": "affected",
              "version": "3.1(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "3.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "3.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "3.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "3.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.0(4l)"
            },
            {
              "status": "affected",
              "version": "4.1(1g)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.0(2n)"
            },
            {
              "status": "affected",
              "version": "4.1(1h)"
            },
            {
              "status": "affected",
              "version": "3.1(3k)"
            },
            {
              "status": "affected",
              "version": "4.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(2o)"
            },
            {
              "status": "affected",
              "version": "4.0(4m)"
            },
            {
              "status": "affected",
              "version": "4.1(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(2p)"
            },
            {
              "status": "affected",
              "version": "4.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.1(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(4n)"
            },
            {
              "status": "affected",
              "version": "4.0(2q)"
            },
            {
              "status": "affected",
              "version": "4.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.0(2r)"
            },
            {
              "status": "affected",
              "version": "4.1(3d)"
            },
            {
              "status": "affected",
              "version": "4.1(2g)"
            },
            {
              "status": "affected",
              "version": "4.1(2h)"
            },
            {
              "status": "affected",
              "version": "4.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.1(3f)"
            },
            {
              "status": "affected",
              "version": "4.1(2j)"
            },
            {
              "status": "affected",
              "version": "4.1(2k)"
            },
            {
              "status": "affected",
              "version": "4.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(2a)"
            },
            {
              "status": "affected",
              "version": "4.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.1(3l)"
            },
            {
              "status": "affected",
              "version": "4.2(1e)"
            },
            {
              "status": "affected",
              "version": "4.2(1b)"
            },
            {
              "status": "affected",
              "version": "4.2(1j)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.2(1f)"
            },
            {
              "status": "affected",
              "version": "4.2(1a)"
            },
            {
              "status": "affected",
              "version": "4.2(1c)"
            },
            {
              "status": "affected",
              "version": "4.2(1g)"
            },
            {
              "status": "affected",
              "version": "4.1(2l)"
            },
            {
              "status": "affected",
              "version": "4.1(3m)"
            },
            {
              "status": "affected",
              "version": "4.1(2m)"
            },
            {
              "status": "affected",
              "version": "4.1(3n)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\r\n\r\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-923",
              "description": "Improper Restriction of Communication Channel to Intended Endpoints",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T16:17:54.028Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
        "defects": [
          "CSCwk24502"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Integrated Management Controller Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20261",
    "datePublished": "2025-06-04T16:17:54.028Z",
    "dateReserved": "2024-10-10T19:15:13.243Z",
    "dateUpdated": "2026-02-26T18:27:36.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-08247

CVE-2025-20261 (GCVE-0-2025-20261)

Tags

Sightings

Nomenclature