Cisco plugs security holes in Nexus switches and APIC

Cisco has released updates for Nexus switches in the 3000 and 9000 series as well as for APIC. They close several security holes.

Stylized image: a stack of burning Cisco appliances

Vulnerabilities threaten Cisco devices.

(Image: created with AI in Bing Designer by heise online / dmk)

In new security advisories, Cisco warns of vulnerabilities in switches of the Nexus 3000 and Nexus 9000 series, as well as in the Application Policy Infrastructure Controller (APIC). On the Nexus switches the flaws can be used to force a denial of service or to inject commands; the situation is similar for Cisco's APIC, which additionally has flaws that give unauthorized parties access to information.

Cisco rates a flaw in the Nexus 3000 and 9000 switches as the most serious: attackers can exploit it by sending crafted Ethernet frames. The switches must be running in NX-OS standalone mode for this, Cisco explains in the advisory, and no prior authentication is required. On receiving such prepared Ethernet frames, the switches restart unexpectedly, resulting in a denial of service (CVE-2025-20111, CVSS 7.4, risk “high”).

A second Cisco advisory describes how authenticated, local attackers with administrator access can inject commands into the underlying operating system. The cause is insufficient validation of certain unspecified elements in a software image; by installing a manipulated image, malicious actors can abuse this to execute commands in the operating system as the “root” user (CVE-2025-20161, CVSS 5.1, medium). Admins should therefore verify the hash values of software images against the values Cisco publishes before installing them.

The third Cisco advisory deals with the Application Policy Infrastructure Controller (APIC). It covers three vulnerabilities that allow authenticated attackers to access sensitive information, execute arbitrary commands, carry out cross-site scripting attacks or provoke a denial of service. All of them require valid administrator credentials.

According to Cisco, Nexus switches of the 3100, 3200, 3400 and 3600 series as well as the 9200, 9300 and 9400 series in NX-OS standalone mode are affected. Cisco also lists indicators of compromise (IOCs) for the denial-of-service vulnerability, which admins can use to check whether their devices have been attacked. For Cisco APIC, the fixed versions 6.0(8e) and 6.1(2f) are available for download; anyone still running 5.3 or older should migrate to one of the newer releases. At the time of reporting, Cisco is not aware of any of the vulnerabilities being exploited in the wild.

Cisco last plugged security holes three weeks ago. At that time, the company published eight security advisories together with the associated updates.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.