PT-2025-34889 · Cisco · Cisco Nexus 3000 Series Switches+6
M.P
·
Published
2025-08-27
·
Updated
2025-08-27
·
CVE-2025-20290
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Cisco NX-OS Software for Cisco Nexus 3000 Series Switches
Cisco Nexus 9000 Series Switches in standalone NX-OS mode
Cisco UCS 6400 Fabric Interconnects
Cisco UCS 6500 Series Fabric Interconnects
Cisco UCS 9108 100G Fabric Interconnects (affected versions not specified)
Description:
A vulnerability exists in the logging feature that could allow an authenticated, local attacker access to sensitive information. This is due to improper logging of sensitive information, and an attacker could exploit this by accessing log files on the file system. A successful exploit could allow the attacker to access sensitive information, such as stored credentials.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Nx-Os
Cisco Nexus
Cisco Nexus 3000 Series Switches
Cisco Nexus 9000 Series Switches
Cisco Ucs 6400 Fabric Interconnects
Cisco Ucs 6500 Series Fabric Interconnects
Cisco Ucs 9108 100G Fabric Interconnects