Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2025-1917
Vulnerability from csaf_certbund - Published: 2025-08-27 22:00 - Updated: 2025-08-27 22:00Summary
Cisco UCS und IMC: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Bei dem Cisco Unified Computing System (UCS) handelt es sich um eine Rechenzentrumsplattform, die Rechenleistung, Netzwerk, Storage-Zugriff und Virtualisierung in einem System zusammenführt.
Der Cisco Integrated Management Controller ist eine Serververwaltung für mehrere Cisco-Produkte.
Angriff
Ein Angreifer kann mehrere Schwachstellen im Cisco Unified Computing System (UCS) und im Cisco Integrated Management Controller ausnutzen, um Administratorrechte zu erlangen, Cross-Site-Scripting-Angriffe durchzuführen, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder Benutzer auf bösartige Websites umzuleiten.
Betroffene Betriebssysteme
- CISCO Appliance
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bei dem Cisco Unified Computing System (UCS) handelt es sich um eine Rechenzentrumsplattform, die Rechenleistung, Netzwerk, Storage-Zugriff und Virtualisierung in einem System zusammenf\u00fchrt.\r\nDer Cisco Integrated Management Controller ist eine Serververwaltung f\u00fcr mehrere Cisco-Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Cisco Unified Computing System (UCS) und im Cisco Integrated Management Controller ausnutzen, um Administratorrechte zu erlangen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder Benutzer auf b\u00f6sartige Websites umzuleiten.",
"title": "Angriff"
},
{
"category": "general",
"text": "- CISCO Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1917 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1917.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1917 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1917"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-ucs-multi-cmdinj-E4Ukjyrz vom 2025-08-27",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-multi-cmdinj-E4Ukjyrz"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-ucs-xss-Ey6XhyPS vom 2025-08-27",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-xss-Ey6XhyPS"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-ucs-vkvmorv-CnKrV7HK vom 2025-08-27",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-ucs-kvmsxss-6h7AnUyk vom 2025-08-27",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-kvmsxss-6h7AnUyk"
}
],
"source_lang": "en-US",
"title": "Cisco UCS und IMC: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-27T22:00:00.000+00:00",
"generator": {
"date": "2025-08-28T09:16:10.669+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1917",
"initial_release_date": "2025-08-27T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "NFVIS \u003c4.18.1",
"product": {
"name": "Cisco Integrated Management Controller NFVIS \u003c4.18.1",
"product_id": "T046554"
}
},
{
"category": "product_version",
"name": "NFVIS 4.18.1",
"product": {
"name": "Cisco Integrated Management Controller NFVIS 4.18.1",
"product_id": "T046554-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:integrated_management_controller:nfvis__4.18.1"
}
}
}
],
"category": "product_name",
"name": "Integrated Management Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "6300 Series \u003c4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6300 Series \u003c4.2(3p)",
"product_id": "T046542"
}
},
{
"category": "product_version",
"name": "6300 Series 4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6300 Series 4.2(3p)",
"product_id": "T046542-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6300_series__4.2%25283p%2529"
}
}
},
{
"category": "product_version_range",
"name": "6400 Series \u003c4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6400 Series \u003c4.2(3p)",
"product_id": "T046543"
}
},
{
"category": "product_version",
"name": "6400 Series 4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6400 Series 4.2(3p)",
"product_id": "T046543-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6400_series__4.2%25283p%2529"
}
}
},
{
"category": "product_version_range",
"name": "6500 Series \u003c4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6500 Series \u003c4.2(3p)",
"product_id": "T046544"
}
},
{
"category": "product_version",
"name": "6500 Series 4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6500 Series 4.2(3p)",
"product_id": "T046544-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6500_series__4.2%25283p%2529"
}
}
},
{
"category": "product_version_range",
"name": "9108 100G Fabric Interconnects \u003c4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) 9108 100G Fabric Interconnects \u003c4.2(3p)",
"product_id": "T046545"
}
},
{
"category": "product_version",
"name": "9108 100G Fabric Interconnects 4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) 9108 100G Fabric Interconnects 4.2(3p)",
"product_id": "T046545-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:9108_100g_fabric_interconnects__4.2%25283p%2529"
}
}
},
{
"category": "product_version_range",
"name": "6300 Series \u003c4.3(6c)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6300 Series \u003c4.3(6c)",
"product_id": "T046546"
}
},
{
"category": "product_version",
"name": "6300 Series 4.3(6c)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6300 Series 4.3(6c)",
"product_id": "T046546-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6300_series__4.3%25286c%2529"
}
}
},
{
"category": "product_version_range",
"name": "6400 Series \u003c4.3(6c)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6400 Series \u003c4.3(6c)",
"product_id": "T046547"
}
},
{
"category": "product_version",
"name": "6400 Series 4.3(6c)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6400 Series 4.3(6c)",
"product_id": "T046547-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6400_series__4.3%25286c%2529"
}
}
},
{
"category": "product_version_range",
"name": "6500 Series \u003c4.3(6c)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6500 Series \u003c4.3(6c)",
"product_id": "T046548"
}
},
{
"category": "product_version",
"name": "6500 Series 4.3(6c)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6500 Series 4.3(6c)",
"product_id": "T046548-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6500_series__4.3%25286c%2529"
}
}
},
{
"category": "product_version_range",
"name": "9108 100G Fabric Interconnects \u003c4.3(6c)",
"product": {
"name": "Cisco Unified Computing System (UCS) 9108 100G Fabric Interconnects \u003c4.3(6c)",
"product_id": "T046549"
}
},
{
"category": "product_version",
"name": "9108 100G Fabric Interconnects 4.3(6c)",
"product": {
"name": "Cisco Unified Computing System (UCS) 9108 100G Fabric Interconnects 4.3(6c)",
"product_id": "T046549-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:9108_100g_fabric_interconnects__4.3%25286c%2529"
}
}
},
{
"category": "product_version_range",
"name": "6300 Series \u003c4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6300 Series \u003c4.3(6a)",
"product_id": "T046550"
}
},
{
"category": "product_version",
"name": "6300 Series 4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6300 Series 4.3(6a)",
"product_id": "T046550-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6300_series__4.3%25286a%2529"
}
}
},
{
"category": "product_version_range",
"name": "6400 Series \u003c4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6400 Series \u003c4.3(6a)",
"product_id": "T046551"
}
},
{
"category": "product_version",
"name": "6400 Series 4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6400 Series 4.3(6a)",
"product_id": "T046551-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6400_series__4.3%25286a%2529"
}
}
},
{
"category": "product_version_range",
"name": "6500 Series \u003c4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6500 Series \u003c4.3(6a)",
"product_id": "T046552"
}
},
{
"category": "product_version",
"name": "6500 Series 4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) 6500 Series 4.3(6a)",
"product_id": "T046552-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:6500_series__4.3%25286a%2529"
}
}
},
{
"category": "product_version_range",
"name": "9108 100G Fabric Interconnects \u003c4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) 9108 100G Fabric Interconnects \u003c4.3(6a)",
"product_id": "T046553"
}
},
{
"category": "product_version",
"name": "9108 100G Fabric Interconnects 4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) 9108 100G Fabric Interconnects 4.3(6a)",
"product_id": "T046553-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:9108_100g_fabric_interconnects__4.3%25286a%2529"
}
}
},
{
"category": "product_version_range",
"name": "Manager Software \u003c4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) Manager Software \u003c4.2(3p)",
"product_id": "T046555"
}
},
{
"category": "product_version",
"name": "Manager Software 4.2(3p)",
"product": {
"name": "Cisco Unified Computing System (UCS) Manager Software 4.2(3p)",
"product_id": "T046555-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:manager_software__4.2%25283p%2529"
}
}
},
{
"category": "product_version_range",
"name": "Manager Software \u003c4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) Manager Software \u003c4.3(6a)",
"product_id": "T046556"
}
},
{
"category": "product_version",
"name": "Manager Software 4.3(6a)",
"product": {
"name": "Cisco Unified Computing System (UCS) Manager Software 4.3(6a)",
"product_id": "T046556-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:manager_software__4.3%25286a%2529"
}
}
},
{
"category": "product_version",
"name": "C-Series",
"product": {
"name": "Cisco Unified Computing System (UCS) C-Series",
"product_id": "T046564",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:c-series"
}
}
},
{
"category": "product_version",
"name": "E-Series",
"product": {
"name": "Cisco Unified Computing System (UCS) E-Series",
"product_id": "T046565",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:e-series"
}
}
},
{
"category": "product_version",
"name": "B-Series",
"product": {
"name": "Cisco Unified Computing System (UCS) B-Series",
"product_id": "T046566",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:b-series"
}
}
},
{
"category": "product_version",
"name": "X-Series",
"product": {
"name": "Cisco Unified Computing System (UCS) X-Series",
"product_id": "T046567",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:x-series"
}
}
},
{
"category": "product_version",
"name": "Manager Software",
"product": {
"name": "Cisco Unified Computing System (UCS) Manager Software",
"product_id": "T046568",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:manager_software"
}
}
}
],
"category": "product_name",
"name": "Unified Computing System (UCS)"
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-20294",
"product_status": {
"known_affected": [
"T046547",
"T046548",
"T046545",
"T046568",
"T046546",
"T046549",
"T046543",
"T046544",
"T046542"
]
},
"release_date": "2025-08-27T22:00:00.000+00:00",
"title": "CVE-2025-20294"
},
{
"cve": "CVE-2025-20295",
"product_status": {
"known_affected": [
"T046547",
"T046548",
"T046545",
"T046546",
"T046549",
"T046543",
"T046544",
"T046542"
]
},
"release_date": "2025-08-27T22:00:00.000+00:00",
"title": "CVE-2025-20295"
},
{
"cve": "CVE-2025-20296",
"product_status": {
"known_affected": [
"T046545",
"T046550",
"T046551",
"T046543",
"T046544",
"T046552",
"T046542",
"T046553"
]
},
"release_date": "2025-08-27T22:00:00.000+00:00",
"title": "CVE-2025-20296"
},
{
"cve": "CVE-2025-20317",
"product_status": {
"known_affected": [
"T046567",
"T046556",
"T046568",
"T046565",
"T046554",
"T046566",
"T046555",
"T046564"
]
},
"release_date": "2025-08-27T22:00:00.000+00:00",
"title": "CVE-2025-20317"
},
{
"cve": "CVE-2025-20342",
"product_status": {
"known_affected": [
"T046567",
"T046556",
"T046568",
"T046565",
"T046554",
"T046566",
"T046555",
"T046564"
]
},
"release_date": "2025-08-27T22:00:00.000+00:00",
"title": "CVE-2025-20342"
}
]
}
CVE-2025-20317 (GCVE-0-2025-20317)
Vulnerability from cvelistv5 – Published: 2025-08-27 16:23 – Updated: 2025-08-27 18:52
VLAI?
EPSS
Title
Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability
Summary
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.
This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.
Note: The affected vKVM client is also included in Cisco UCS Manager.
Severity ?
7.1 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(5e) |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T18:51:46.552039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T18:52:07.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.\r\n\r\nThis vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.607Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
}
],
"source": {
"advisory": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"defects": [
"CSCwm57436"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20317",
"datePublished": "2025-08-27T16:23:18.607Z",
"dateReserved": "2024-10-10T19:15:13.253Z",
"dateUpdated": "2025-08-27T18:52:07.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20342 (GCVE-0-2025-20342)
Vulnerability from cvelistv5 – Published: 2025-08-27 16:23 – Updated: 2025-08-27 17:38
VLAI?
EPSS
Title
Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device.
Note: The affected vKVM client is also included in Cisco UCS Manager.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 3.2(3n) Affected: 4.1(1a) Affected: 4.1(1b) Affected: 4.0(4h) Affected: 4.1(1c) Affected: 3.2(3k) Affected: 3.2(2c) Affected: 4.0(4e) Affected: 4.0(4g) Affected: 3.2(3i) Affected: 4.0(2e) Affected: 3.2(3g) Affected: 4.0(4a) Affected: 4.0(2d) Affected: 3.2(2d) Affected: 4.0(1b) Affected: 4.0(4f) Affected: 3.2(3h) Affected: 3.2(2f) Affected: 4.0(4c) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3d) Affected: 3.2(2b) Affected: 4.0(4b) Affected: 3.2(2e) Affected: 4.0(2b) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3e) Affected: 3.2(3l) Affected: 3.2(3b) Affected: 4.0(2a) Affected: 3.2(3j) Affected: 4.0(1d) Affected: 3.2(3o) Affected: 4.0(4i) Affected: 4.1(1d) Affected: 4.1(2a) Affected: 4.1(1e) Affected: 3.2(3p) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(5e) |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T17:19:43.762688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T17:38:30.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.618Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-kvmsxss-6h7AnUyk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-kvmsxss-6h7AnUyk"
}
],
"source": {
"advisory": "cisco-sa-ucs-kvmsxss-6h7AnUyk",
"defects": [
"CSCwm57433"
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20342",
"datePublished": "2025-08-27T16:23:18.618Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-08-27T17:38:30.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20295 (GCVE-0-2025-20295)
Vulnerability from cvelistv5 – Published: 2025-08-27 16:23 – Updated: 2025-08-28 03:55
VLAI?
EPSS
Title
Cisco UCS Manager Software Command Injection Vulnerability
Summary
A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files.
This vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to read or create a file or overwrite any file on the file system of the underlying operating system of the affected device, including system files. To exploit this vulnerability, the attacker must have valid administrative credentials on the affected device.
Severity ?
6 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 4.1(1d) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 4.0(2b) Affected: 4.1(2a) Affected: 4.0(4a) Affected: 4.0(4e) Affected: 3.2(3p) Affected: 4.0(4h) Affected: 3.2(3d) Affected: 3.2(3l) Affected: 3.2(3o) Affected: 4.0(2a) Affected: 4.1(1c) Affected: 4.0(1b) Affected: 3.2(3j) Affected: 3.2(2e) Affected: 4.1(1e) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3i) Affected: 4.0(4b) Affected: 4.0(2e) Affected: 4.1(1a) Affected: 3.2(3h) Affected: 4.0(4g) Affected: 3.2(2c) Affected: 3.2(3k) Affected: 3.2(3g) Affected: 3.2(2b) Affected: 4.0(1d) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3e) Affected: 3.2(2d) Affected: 4.0(4i) Affected: 3.2(2f) Affected: 4.0(2d) Affected: 4.1(1b) Affected: 3.2(3n) Affected: 3.2(3b) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(6a) Affected: 4.3(6b) Affected: 4.3(5e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T03:55:30.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(6a)"
},
{
"status": "affected",
"version": "4.3(6b)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files.\r\n\u0026nbsp;\r\nThis vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to read or create a file or overwrite any file on the file system of the underlying operating system of the affected device, including system files. To exploit this vulnerability, the attacker must have valid administrative credentials on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:29.354Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-multi-cmdinj-E4Ukjyrz",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-multi-cmdinj-E4Ukjyrz"
}
],
"source": {
"advisory": "cisco-sa-ucs-multi-cmdinj-E4Ukjyrz",
"defects": [
"CSCwm88176"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Manager Software Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20295",
"datePublished": "2025-08-27T16:23:29.354Z",
"dateReserved": "2024-10-10T19:15:13.252Z",
"dateUpdated": "2025-08-28T03:55:30.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20296 (GCVE-0-2025-20296)
Vulnerability from cvelistv5 – Published: 2025-08-27 16:23 – Updated: 2025-08-27 17:38
VLAI?
EPSS
Title
Cisco UCS Manager Software Stored Software Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must be a member of the Administrator or AAA Administrator role.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 4.1(1d) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 4.0(2b) Affected: 4.1(2a) Affected: 4.0(4a) Affected: 4.0(4e) Affected: 3.2(3p) Affected: 4.0(4h) Affected: 3.2(3d) Affected: 3.2(3l) Affected: 3.2(3o) Affected: 4.0(2a) Affected: 4.1(1c) Affected: 4.0(1b) Affected: 3.2(3j) Affected: 3.2(2e) Affected: 4.1(1e) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3i) Affected: 4.0(4b) Affected: 4.0(2e) Affected: 4.1(1a) Affected: 3.2(3h) Affected: 4.0(4g) Affected: 3.2(2c) Affected: 3.2(3k) Affected: 3.2(3g) Affected: 3.2(2b) Affected: 4.0(1d) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3e) Affected: 3.2(2d) Affected: 4.0(4i) Affected: 3.2(2f) Affected: 4.0(2d) Affected: 4.1(1b) Affected: 3.2(3n) Affected: 3.2(3b) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(5e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T17:19:53.952653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T17:38:39.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must be a member of the Administrator or AAA Administrator role."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "cvssV3_0"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:09.472Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-xss-Ey6XhyPS",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-xss-Ey6XhyPS"
}
],
"source": {
"advisory": "cisco-sa-ucs-xss-Ey6XhyPS",
"defects": [
"CSCwm57438"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Manager Software Stored Software Stored Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20296",
"datePublished": "2025-08-27T16:23:09.472Z",
"dateReserved": "2024-10-10T19:15:13.252Z",
"dateUpdated": "2025-08-27T17:38:39.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20294 (GCVE-0-2025-20294)
Vulnerability from cvelistv5 – Published: 2025-08-27 16:23 – Updated: 2025-08-28 03:55
VLAI?
EPSS
Title
Cisco UCS Manager Software Command Injection Vulnerability
Summary
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.
These vulnerabilities are due to insufficient input validation of command arguments supplied by the user. An attacker could exploit these vulnerabilities by authenticating to a device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of the affected device with root-level privileges.
Severity ?
6.5 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
4.0(1a)
Affected: 4.1(1d) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 4.0(2b) Affected: 4.1(2a) Affected: 4.0(4a) Affected: 4.0(4e) Affected: 3.2(3p) Affected: 4.0(4h) Affected: 3.2(3d) Affected: 3.2(3l) Affected: 3.2(3o) Affected: 4.0(2a) Affected: 4.1(1c) Affected: 4.0(1b) Affected: 3.2(3j) Affected: 3.2(2e) Affected: 4.1(1e) Affected: 4.0(4d) Affected: 3.2(1d) Affected: 3.2(3i) Affected: 4.0(4b) Affected: 4.0(2e) Affected: 4.1(1a) Affected: 3.2(3h) Affected: 4.0(4g) Affected: 3.2(2c) Affected: 3.2(3k) Affected: 3.2(3g) Affected: 3.2(2b) Affected: 4.0(1d) Affected: 3.2(3a) Affected: 4.0(1c) Affected: 3.2(3e) Affected: 3.2(2d) Affected: 4.0(4i) Affected: 3.2(2f) Affected: 4.0(2d) Affected: 4.1(1b) Affected: 3.2(3n) Affected: 3.2(3b) Affected: 4.1(2b) Affected: 4.0(4k) Affected: 4.1(3a) Affected: 4.1(3b) Affected: 4.1(2c) Affected: 4.0(4l) Affected: 4.1(4a) Affected: 4.1(3c) Affected: 4.1(3d) Affected: 4.2(1c) Affected: 4.2(1d) Affected: 4.0(4m) Affected: 4.1(3e) Affected: 4.2(1f) Affected: 4.1(3f) Affected: 4.2(1i) Affected: 4.1(3h) Affected: 4.2(1k) Affected: 4.2(1l) Affected: 4.0(4n) Affected: 4.2(1m) Affected: 4.1(3i) Affected: 4.2(2a) Affected: 4.2(1n) Affected: 4.1(3j) Affected: 4.2(2c) Affected: 4.2(2d) Affected: 4.2(3b) Affected: 4.1(3k) Affected: 4.0(4o) Affected: 4.2(2e) Affected: 4.2(3d) Affected: 4.2(3e) Affected: 4.2(3g) Affected: 4.1(3l) Affected: 4.3(2b) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2c) Affected: 4.1(3m) Affected: 4.3(2e) Affected: 4.3(3a) Affected: 4.2(3j) Affected: 4.3(3c) Affected: 4.3(4a) Affected: 4.2(3k) Affected: 4.3(4b) Affected: 4.3(4c) Affected: 4.2(3l) Affected: 4.3(4d) Affected: 4.3(2f) Affected: 4.2(3m) Affected: 4.3(5a) Affected: 4.3(4e) Affected: 4.1(3n) Affected: 4.3(4f) Affected: 4.2(3n) Affected: 4.3(5c) Affected: 4.2(3o) Affected: 4.3(5d) Affected: 4.3(6a) Affected: 4.3(6b) Affected: 4.3(5e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20294",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T03:55:29.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(6a)"
},
{
"status": "affected",
"version": "4.3(6b)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.\r\n\u0026nbsp;\r\nThese vulnerabilities are due to insufficient input validation of command arguments supplied by the user. An attacker could exploit these vulnerabilities by authenticating to a device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of the affected device with root-level privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:27.719Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-multi-cmdinj-E4Ukjyrz",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-multi-cmdinj-E4Ukjyrz"
}
],
"source": {
"advisory": "cisco-sa-ucs-multi-cmdinj-E4Ukjyrz",
"defects": [
"CSCwn06825"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Manager Software Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20294",
"datePublished": "2025-08-27T16:23:27.719Z",
"dateReserved": "2024-10-10T19:15:13.252Z",
"dateUpdated": "2025-08-28T03:55:29.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…