Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability

cisco-sa-ndfc-shkv-snQJtjrp · High · Published · Updated

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2025-20163
Cisco Bug IDsCSCwm50501
CVSS ScoreBase 8.7
Base 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Data Center Network Manager, Cisco Nexus Dashboard

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2025-20163 Cisco OpenVuln
Cisco Data Center Network Manager CVE-2025-20163 Cisco OpenVuln