CVE-2025-20241

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20241
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device.

7.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n39k-isis-dos-JhJA8Rfx
Configurations

No configuration.

History

29 Aug 2025, 16:24

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en la función de sistema intermedio a sistema intermedio (IS-IS) del software Cisco NX-OS para los switches Cisco Nexus de las series 3000 y 9000 en modo NX-OS independiente podría permitir que un atacante adyacente no autenticado provoque el reinicio inesperado del proceso IS-IS, lo que podría provocar la recarga del dispositivo afectado. Esta vulnerabilidad se debe a una validación de entrada insuficiente al analizar un paquete IS-IS de entrada. Un atacante podría explotar esta vulnerabilidad enviando un paquete IS-IS manipulado a un dispositivo afectado. Una explotación exitosa podría permitir al atacante provocar el reinicio inesperado del proceso IS-IS, lo que podría provocar la recarga del dispositivo afectado y provocar una denegación de servicio (DoS). Nota: El protocolo IS-IS es un protocolo de enrutamiento. Para explotar esta vulnerabilidad, un atacante debe estar adyacente a la capa 2 del dispositivo afectado.

27 Aug 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-27 17:15

Updated : 2025-08-29 16:24

NVD link : CVE-2025-20241

Mitre link : CVE-2025-20241

CVE.ORG link : CVE-2025-20241

JSON object : View

Products Affected

No product.

CWE
CWE-733

Compiler Optimization Removal or Modification of Security-critical Code