CVE-2025-20261

{"id": "CVE-2025-20261", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-06-04T17:15:26.827", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-923"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\r\n\r\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la gesti\u00f3n de conexiones SSH de Cisco Integrated Management Controller (IMC) para servidores Cisco UCS serie B, UCS serie C, UCS serie S y UCS serie X podr\u00eda permitir que un atacante remoto autenticado acceda a servicios internos con privilegios elevados. Esta vulnerabilidad se debe a restricciones insuficientes de acceso a los servicios internos. Un atacante con una cuenta de usuario v\u00e1lida podr\u00eda explotar esta vulnerabilidad utilizando una sintaxis manipulada al conectarse a Cisco IMC de un dispositivo afectado mediante SSH. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a servicios internos con privilegios elevados, lo que podr\u00eda permitir modificaciones no autorizadas en el sistema, incluyendo la posibilidad de crear nuevas cuentas de administrador en el dispositivo afectado."}], "lastModified": "2025-06-05T20:12:23.777", "sourceIdentifier": "psirt@cisco.com"}