CVE-2025-20261Improper Restriction of Communication Channel to Intended Endpoints in Cisco Unified Computing System

CWE-923Improper Restriction of Communication Channel to Intended Endpoints4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 31.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Computing System
Timeline
PublishedJun 4

Description

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affect

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5cisco/cisco_unified_computing_system142 versions+141

🔴Vulnerability Details

2
GHSA
GHSA-2vx9-p4fj-xxq6: A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and2025-06-04
CVEList
Cisco Integrated Management Controller Privilege Escalation Vulnerability2025-06-04

📋Vendor Advisories

1
Cisco
Cisco Integrated Management Controller Privilege Escalation Vulnerability2025-06-04
CVE-2025-20261 — Cisco vulnerability | cvebase