Cyber999 Advisories

1.0 Introduction
Recently, Cisco has released security updates to address multiple vulnerabilities in its products.

2.0 Impact
Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code, conduct denial-of-service (DoS) attacks, perform cross-site scripting (XSS), bypass security restrictions, or gain unauthorized access to sensitive information.

3.0 Affected Products

Critical Vulnerability

• CVE-2018-0171 – Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

High-Severity Vulnerabilities 

• CVE-2025-20317 – Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability 
• CVE-2025-20241 – Cisco Nexus 3000 and 9000 Series Switches Intermediate System-to-Intermediate System Denial of Service Vulnerability 
• CVE-2025-20134 – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability 

Medium-Severity Vulnerabilities 

• CVE-2025-20296 – Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability 
• CVE-2025-20294, CVE-2025-20295 – Cisco UCS Manager Software Command Injection Vulnerabilities 
• CVE-2025-20342 – Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability 
• CVE-2025-20262 – Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability 
• CVE-2025-20290 – Cisco NX-OS Software Sensitive Log Information Disclosure Vulnerability 
• CVE-2025-20292 – Cisco NX-OS Software Command Injection Vulnerability 
• CVE-2025-20347, CVE-2025-20348 – Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities 
• CVE-2025-20344 – Cisco Nexus Dashboard Path Traversal Vulnerability 
• CVE-2025-20131 – Cisco Identity Services Engine Arbitrary File Upload Vulnerability 
• CVE-2025-20269 – Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Sensitive Information Disclosure Vulnerability 
• CVE-2025-20345 – Cisco Duo Authentication Proxy Information Disclosure Vulnerability 

4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the following advisories and apply the necessary updates:

Kindly, please refer to the URL below:

• https://sec.cloudapps.cisco.com/security/center/publicationListing.x

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact us through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web: https://www.cybersecurity.my

5.0 References

• https://sec.cloudapps.cisco.com/security/center/publicationListing.x