CVE-2025-20163Key Exchange without Entity Authentication in Cisco Nexus Dashboard

CWE-322Key Exchange without Entity Authentication4 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.1%
top 70.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Nexus DashboardCisco Data Center Network ManagerCisco Nexus Dashboard
Timeline
PublishedJun 4

Description

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to imp

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.8

Affected Packages3 packages

NVDcisco/nexus_dashboard< 3.2\(2f\)
CVEListV5cisco/cisco_nexus_dashboard9 versions+8
CVEListV5cisco/cisco_data_center_network_manager39 versions+38

🔴Vulnerability Details

2
CVEList
Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability2025-06-04
GHSA
GHSA-435c-q8rw-j678: A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to imperso2025-06-04

📋Vendor Advisories

1
Cisco
Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability2025-06-04
CVE-2025-20163 — Cisco Nexus Dashboard vulnerability | cvebase