- Description: A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.
- Source: psirt@cisco.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- psirt@cisco.com
- CWE-923
- Hype score: Not currently trending
⚠️Vulnerabilities fixed in Cisco products ❗CVE-2025-20286 ❗CVE-2025-20261 ❗CVE-2025-20163 ➡️More info: https://t.co/k2GbEB5KNW https://t.co/zimwCpBBEq
@CERTpy
9 Jun 2025
[CVE-2025-20261: HIGH] Vulnerability in Cisco IMC SSH connection handling for UCS servers could enable remote attackers to access internal services with elevated privileges due to insufficient access restric...#cve,CVE-2025-20261,#cybersecurity https://t.co/6Pl6Ajp5x0 https://t.c
@CveFindCom
4 Jun 2025