- 194/20245
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, manipulate files, obtain sensitive information, or gain elevated privileges on the affected product.
Sample of addressed vulnerabilities:
1. Cisco Nexus 3000 and 9000 Series Switches Intermediate System-to- Intermediate System Denial of Service Vulnerability (CVE-2025-20241):
- CVSS: 7.4
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability (CVE-2025-20317):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Sample of The Affected Products:
- Cisco Duo Authentication Proxy.
- Cisco EPNM.
- Cisco Prime Infrastructure.
- Cisco ISE.
- Cisco Nexus Dashboard.
- Cisco NDFC
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.