Vulnslist

find the latest Cisco vulnerabilities

Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability

cisco-sa-nxospc-pim6-vG4jFPh · Medium · Published · Updated

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes. For an example of an ephemeral query, see the About Ephemeral Data in gRPC section of the Cisco Nexus 9000 Series NX-OS Programmability Guide, Release 9.3(x). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxospc-pim6-vG4jFPh This advisory is part of the August 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2025-20262
Cisco Bug IDsCSCwn69044
CVSS ScoreBase 5.0
Base 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco NX-OS Software 9.2(1), Cisco NX-OS Software 9.2(2), Cisco NX-OS Software 9.2(2t), Cisco NX-OS Software 9.2(3), Cisco NX-OS Software 9.2(3y), Cisco NX-OS Software 9.2(4), Cisco NX-OS Software 9.2(2v), Cisco NX-OS Software 9.3(1), Cisco NX-OS Software 9.3(2), Cisco NX-OS Software 9.3(3), Cisco NX-OS Software 9.3(1z), Cisco NX-OS Software 9.3(4), Cisco NX-OS Software 9.3(5), Cisco NX-OS Software 9.3(6), Cisco NX-OS Software 9.3(5w), Cisco NX-OS Software 9.3(7), Cisco NX-OS Software 9.3(7k), Cisco NX-OS Software 9.3(7a), Cisco NX-OS Software 9.3(8), Cisco NX-OS Software 9.3(9), Cisco NX-OS Software 9.3(10), Cisco NX-OS Software 9.3(11), Cisco NX-OS Software 9.3(12), Cisco NX-OS Software 9.3(13), Cisco NX-OS Software 9.3(14), Cisco NX-OS Software 10.1(1), Cisco NX-OS Software 10.1(2), Cisco NX-OS Software 10.1(2t), Cisco NX-OS Software 10.2(1), Cisco NX-OS Software 10.2(1q), Cisco NX-OS Software 10.2(2), Cisco NX-OS Software 10.2(3), Cisco NX-OS Software 10.2(2a), Cisco NX-OS Software 10.2(3t), Cisco NX-OS Software 10.2(4), Cisco NX-OS Software 10.2(5), Cisco NX-OS Software 10.2(3v), Cisco NX-OS Software 10.2(6), Cisco NX-OS Software 10.2(7), Cisco NX-OS Software 10.2(8), Cisco NX-OS Software 10.3(1), Cisco NX-OS Software 10.3(2), Cisco NX-OS Software 10.3(3), Cisco NX-OS Software 10.3(99w), Cisco NX-OS Software 10.3(3w), Cisco NX-OS Software 10.3(99x), Cisco NX-OS Software 10.3(3o), Cisco NX-OS Software 10.3(4a), Cisco NX-OS Software 10.3(3p), Cisco NX-OS Software 10.3(4), Cisco NX-OS Software 10.3(3q), Cisco NX-OS Software 10.3(3x), Cisco NX-OS Software 10.3(5), Cisco NX-OS Software 10.3(4g), Cisco NX-OS Software 10.3(3r), Cisco NX-OS Software 10.3(6), Cisco NX-OS Software 10.3(4h), Cisco NX-OS Software 10.4(1), Cisco NX-OS Software 10.4(2), Cisco NX-OS Software 10.4(3), Cisco NX-OS Software 10.4(4), Cisco NX-OS Software 10.4(4g), Cisco NX-OS Software 10.5(1), Cisco NX-OS Software 10.5(2), Cisco NX-OS Software, Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches

Related Products

Product CVE Evidence