Cisco Integrated Management Controller Privilege Escalation (cisco-sa-ucs-ssh-priv-esc-2mZDtdjM)

high Nessus Plugin ID 237909

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Integrated Management Controller Privilege Escalation is affected by a vulnerability.

- A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH.
A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device. (CVE-2025-20261)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwc06871, CSCwk24502

See Also

http://www.nessus.org/u?a6f52c53

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc06871

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk24502

Plugin Details

Severity: High

ID: 237909

File Name: cisco-sa-ucs-ssh-priv-esc-2mZDtdjM.nasl

Version: 1.1

Type: combined

Family: CISCO

Published: 6/6/2025

Updated: 6/6/2025

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-20261

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:integrated_management_controller

Required KB Items: Settings/ParanoidReport, Host/Cisco/CIMC/version, Host/Cisco/CIMC/model

Exploit Ease: No known exploits are available

Patch Publication Date: 6/4/2025

Vulnerability Publication Date: 6/4/2025

Reference Information

CVE: CVE-2025-20261

CWE: 923

CISCO-SA: cisco-sa-ucs-ssh-priv-esc-2mZDtdjM

IAVA: 2025-A-0403

CISCO-BUG-ID: CSCwc06871, CSCwk24502