DEV Community

CVE Reports
Originally published at cvereports.com

CVE-2025-20290: Cisco NX-OS: The Call is Coming From Inside the Logs

Vulnerability ID: CVE-2025-20290
CVSS Score: 5.5
Published: 2025-08-27

CVE-2025-20290 is a classic but deadly instance of CWE-532 (Insertion of Sensitive Information into Log File) in Cisco's NX-OS and UCS Fabric Interconnects. While categorized as 'Medium' severity due to the local access requirement, this vulnerability serves as a trivial privilege escalation path for any insider or compromised low-level account. By simply reading the system's own diary (its log files), an attacker can recover cleartext credentials and elevate to full administrative control.

TL;DR

Cisco NX-OS and UCS devices were caught logging sensitive credentials in cleartext. An attacker with local, low-privileged access (like a guest shell) can simply grep the logs to find admin passwords and take over the device.


Technical Details

  • CWE ID: CWE-532
  • Attack Vector: Local
  • CVSS v3.1: 5.5 (Medium)
  • EPSS Score: 0.00016
  • Exploit Status: PoC Not Public (Logic Trivial)
  • Impact: Confidentiality High

Affected Systems

  • Cisco Nexus 3000 Series Switches
  • Cisco Nexus 9000 Series Switches (Standalone)
  • Cisco UCS 6400 Series Fabric Interconnects
  • Cisco UCS 6500 Series Fabric Interconnects
  • Cisco UCS 9108 100G Fabric Interconnects
  • Cisco NX-OS Software: 7.0(3)I4(x) - 10.5(3o) (Fixed in: See Vendor Advisory)
  • Cisco UCS Manager: 4.0(1a) - 4.3(6b) (Fixed in: 4.3(6c) or later)

Exploit Details

  • N/A: No public exploit code available; exploit relies on standard system tools (grep/cat).

Mitigation Strategies

  • Update Cisco NX-OS Software to fixed releases.
  • Update Cisco UCS Manager Software.
  • Restrict local shell (guestshell) access to trusted administrators only.
  • Rotate all administrative credentials post-patch.

Remediation Steps:

  1. Identify vulnerable devices using 'show version'.
  2. Download the appropriate system image from Cisco Software Center.
  3. Perform a 'show tech-support' before upgrade (securely!) for baseline, then delete it.
  4. Install the new image: 'install all nxos '.
  5. Execute 'clear logging logfile' to remove potentially tainted historical logs.
  6. Change the 'admin' user password and any other local user passwords.
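
For step 1 at fleet scale, the following added example (not code from the original report or from Cisco) triages UCS Manager versions collected from 'show version' against the affected range listed above, 4.0(1a) through 4.3(6b). The hostnames, inventory and function names are constructed for illustration; NX-OS is left out because the report gives no fixed release for it, and a single optional patch letter is assumed in the version string.

```python
import re

# Affected UCS Manager range as stated in the report: 4.0(1a) through 4.3(6b),
# fixed in 4.3(6c) or later.
FIRST_AFFECTED = "4.0(1a)"
LAST_AFFECTED = "4.3(6b)"

# Assumed shape: major.minor(maintenance + optional single patch letter).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z]?)\)\s*$")


def parse_ucsm_version(text):
    """Turn '4.3(6b)' into a sortable tuple (4, 3, 6, 'b')."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised UCS Manager version: {text!r}")
    major, minor, maint, letter = match.groups()
    return (int(major), int(minor), int(maint), letter)


def is_affected(version):
    """True when the version falls inside the reported range (inclusive)."""
    low = parse_ucsm_version(FIRST_AFFECTED)
    high = parse_ucsm_version(LAST_AFFECTED)
    return low <= parse_ucsm_version(version) <= high


def triage(inventory):
    """Split {hostname: version} into affected, outside-range and unparseable."""
    report = {"affected": [], "outside_range": [], "needs_review": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "outside_range"
        except ValueError:
            bucket = "needs_review"  # never treat an unknown string as safe
        report[bucket].append(host)
    return report


# Constructed inventory: hostnames and versions are sample values.
SAMPLE_INVENTORY = {
    "fi-a.example.net": "4.3(6b)", "fi-b.example.net": "4.3(6c)",
    "fi-c.example.net": "4.0(1a)", "fi-d.example.net": "3.2(3p)",
    "fi-e.example.net": "4.2(3)", "fi-f.example.net": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in "affected" still need steps 5 and 6 after the upgrade, since patching does not remove credentials already written to historical logs.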
