Cisco Addresses Security Vulnerabilities in Nexus Switches and APIC

Cisco has announced updates to its Nexus switches, specifically the 3000 and 9000 series, as well as the Application Policy Infrastructure Controller (APIC), to address critical security vulnerabilities.

In recent security advisories, Cisco has identified vulnerabilities affecting its Nexus series switches and APIC. These vulnerabilities could potentially allow attackers to disrupt operations or inject unauthorized commands. One of the most serious vulnerabilities affects the Nexus 3000 and 9000 switches, where attackers can exploit the system by sending specially crafted Ethernet packets. Notably, these switches must operate in standalone mode with the NX-OS for this vulnerability to be applicable. Attackers do not require prior authentication to execute these attacks, which can lead to a denial-of-service situation as the switches may unexpectedly reboot (CVE-2025-20111, CVSS score 7.4, classified as high risk).

Additionally, Cisco has detailed another vulnerability that permits authenticated local attackers with administrative access to inject commands into the underlying operating system. This issue stems from inadequate validation of unspecified elements within the software image. By installing a compromised image, malicious actors can execute commands with root privileges (CVE-2025-20161, CVSS score 5.1, classified as medium risk). Administrators are advised to verify the hash values of software images prior to installation to mitigate this risk.

The third advisory from Cisco pertains to the Application Policy Infrastructure Controllers (APIC), which are also susceptible to three distinct vulnerabilities. These vulnerabilities could allow authenticated attackers to gain access to sensitive information, execute arbitrary commands, or carry out cross-site scripting attacks, resulting in potential denial-of-service incidents. It is important to note that valid administrative credentials are required for these attacks to be executed.

According to Cisco, the affected Nexus switches include the 3100, 3200, 3400, and 3600 series, as well as the 9200, 9300, and 9400 series operating in standalone NX-OS mode. Cisco has provided indicators of compromise (IOCs) for the denial-of-service vulnerability, which will help administrators assess whether their devices have been targeted by these attacks. The patched versions of Cisco's APICs are now available for download, specifically versions 6.0(8e) and 6.1(2f). Users still operating on version 5.3 or earlier are encouraged to upgrade to a more recent release. At the time of publication, Cisco has not reported any known exploits of these vulnerabilities in the wild.

In the past month, Cisco has been proactive in addressing security issues, having previously released updates for eight different vulnerabilities across its products.