Cisco has patched command injection and DoS vulnerabilities affecting some of its Nexus switches, including a high-severity flaw.
February 27, 2025 By Eduard Kovacs
Cisco informed customers on Wednesday that it has patched command injection and denial-of-service (DoS) vulnerabilities in some of its Nexus switches.
One of the vulnerabilities, tracked as CVE-2025-20111, has been described as a high-severity issue related to the incorrect handling of some Ethernet frames. The issue impacts the health monitoring diagnostics component of Nexus 3000 and 9000 series switches — in the case of 9000 series products, they are affected only in standalone NX-OS mode.
The vulnerability can allow an unauthenticated attacker who has access to the targeted device to cause a DoS condition.
“An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload,” Cisco said in its advisory.
