Vulners
Lucene search
Cisco Nexus 3000 9000 Series Switches Intermediate System-to-Intermediate System DoS (cisco-sa-n39k-isis-dos-JhJA8Rfx)
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2025-20241 | 27 Aug 202516:03 | – | circl |
 | Cisco Nexus 3000 and 9000 Series Switches Intermediate System-to-Intermediate System Denial of Service Vulnerability | 27 Aug 202516:00 | – | cisco |
 | Cisco NX-OS Software 安全漏洞 | 27 Aug 202500:00 | – | cnnvd |
 | CVE-2025-20241 | 27 Aug 202516:23 | – | cve |
 | CVE-2025-20241 Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol <TBD> Denial of Service Vulnerability | 27 Aug 202516:23 | – | cvelist |
 | EUVD-2025-27686 | 3 Oct 202520:07 | – | euvd |
 | Vulnerabilities fixed in Cisco NX-OS Software | 28 Aug 202508:36 | – | ncsc |
| Vulnerabilities fixed in Cisco NX-OS Software | 11 Sep 202508:18 | – | ncsc |
 | CVE-2025-20241 | 27 Aug 202517:15 | – | nvd |
 | PT-2025-34887 | 27 Aug 202500:00 | – | ptsecurity |
10
#TRUSTED 1a21d46e1741982f55af8964714f3273ffc4ab11efeb541a85671cb32505b9c6f01204cd3fe71ba639c09d5c9b4f4ca84da9be6188991f8fbc911140387e7e9548013b344b3701e00f4aeb288a37f4cfb6605817fef223c9699657ee7e6561f1ef35c17130831ce5fee015701ab9c96a12ef4e4b6e60625ee24c8520e160eb852644d710c2d8ba9d8b04450bcc2f80a3f9b884a63ed20b57ff73b58b8971d8b3dd5d20bc2021f6a3cf2f20653d3a99e0c64f28f5810dca75ba6e28fb951704c64fad69f23faece98e1ba8a36c87791108c2b9368b8db8ee265d7cf32bb2c6202a4c78fb39631a825c8e2fc01d70dcfabc6e37387401546458b819f34a5d09dce6f8e64cc04730d023550263c4e02ae7f350e783c58c8945c8fa36f6812c8b8214d86796dc66bc016df8ab3729ea0056b0286e5cca3524eba52ead5f60f9e3571d019d433cf514ca71f60378f2a8d3f7265b3fc1f410c500cb34f39fabd9a005a395ff4276df6d0735d032b61f29023f571fd025c945deb53c4337a70fe5837c2d8bde6d158b663f8da2754d1f2c697798943a6d1d2e45d49ddd4c355d3ae6d22806a0ad24c2caed7f34e561a47ee6110aff4404486f9b150177de48c4dc30bb218b3f2f848961bf2c6745b0f29d7c7439346855517d1c4386b61ff405f14edccd673ff676711ed0d9e59004e285c726924ae327c266fe82f29fbb0d86827ff1c
#TRUST-RSA-SHA256 434a96381301efa0570668b50c15b185cb9cee5a457169c54b3d6ffdd7832a3717a32f64b63a913230e82194ae8c7d6005cab95fd811aebc428200c95e2a952390956b614c900077f208d6240b5c2d0a9161b789f7bdb2baed26e7f26ded8d6c5a500b318c8241ddca6c07d9ba39d765da8a117897c87d99a23d968960646826c98abd0651942cdb5649193ddf70756bfac4ce9c95165dd0e076842495798d150d49e54aad7c02ee87040dfe096261e8463171770b0fe7f95b78f22521c2c9f169132c54c7c18315cba6e55570503add79723e9f4b857260d7dc4ce6dc6fd9b6dcd48ed3771c9297900802d695c2d3a08ba7ed8b08ee77c9ce98cc345a9051180b2cadaf173478efb860c8fc0809a690c0519b0ee6dc2b7c2be46e70ab4d092d49bd668e1270f2d1f4e39ecb952d1396fba1b3b6a828a780d8f613787fb7172b65e33006e97e25fa18b90383c89220a7a1e448fbf285d2c7029ed4386d8650943995f54bf12a884c404ee6af40a65ce159201221543e1356abb3db0d587de32abed91bdb4df55c2227cc03f9bc6bfe129cd3e0ed7e0237225f09c6a19d81786e2d9783b3c706931c078f9c45c44a50e1b802ace0085aef424341b7ce65023470f38119c3933e4a3d49c4a1b58381e2e165245e8735e841f5991ced22605e65ae797d6c80a1b9f58e48595c234e00f2490400fecb7b0f3a7895067c66caaad3b9
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(303931);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/27");
script_cve_id("CVE-2025-20241");
script_xref(name:"CISCO-BUG-ID", value:"CSCwn49153");
script_xref(name:"CISCO-SA", value:"cisco-sa-n39k-isis-dos-JhJA8Rfx");
script_xref(name:"IAVA", value:"2025-A-0635");
script_name(english:"Cisco Nexus 3000 9000 Series Switches Intermediate System-to-Intermediate System DoS (cisco-sa-n39k-isis-dos-JhJA8Rfx)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability.
- A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software
for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could
allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which
could cause an affected device to reload. This vulnerability is due to insufficient input validation when
parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS
packet to an affected device. A successful exploit could allow the attacker to cause the unexpected
restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of
service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an
attacker must be Layer 2-adjacent to the affected device. (CVE-2025-20241)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n39k-isis-dos-JhJA8Rfx
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e98404c");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwn49153");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwn49153");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-20241");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(733);
script_set_attribute(attribute:"vuln_publication_date", value:"2025/08/27");
script_set_attribute(attribute:"patch_publication_date", value:"2025/08/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/27");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_nxos_version.nasl");
script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco NX-OS Software');
if (('Nexus' >!< product_info.device || product_info.model !~ "(^|[^0-9])3[0-9]{2,3}") &&
('Nexus' >!< product_info.device || product_info.model !~ "(^|[^0-9])9[0-9]{2,3}"))
audit(AUDIT_HOST_NOT, 'affected');
var version_list = [];
if ('Nexus' >< product_info.device && product_info.model =~ "^3[0-9]{2,3}")
{
version_list = make_list(
'6.0(2)A8(1)',
'6.0(2)A8(2)',
'6.0(2)A8(3)',
'6.0(2)A8(4)',
'6.0(2)A8(4a)',
'6.0(2)A8(5)',
'6.0(2)A8(6)',
'6.0(2)A8(7)',
'6.0(2)A8(7a)',
'6.0(2)A8(7b)',
'6.0(2)A8(8)',
'6.0(2)A8(9)',
'6.0(2)A8(10a)',
'6.0(2)A8(10)',
'6.0(2)A8(11)',
'6.0(2)A8(11a)',
'6.0(2)A8(11b)',
'7.0(3)F3(1)',
'7.0(3)F3(2)',
'7.0(3)F3(3)',
'7.0(3)F3(3a)',
'7.0(3)F3(4)',
'7.0(3)F3(3c)',
'7.0(3)F3(5)',
'7.0(3)I4(1)',
'7.0(3)I4(2)',
'7.0(3)I4(3)',
'7.0(3)I4(4)',
'7.0(3)I4(5)',
'7.0(3)I4(6)',
'7.0(3)I4(7)',
'7.0(3)I4(8)',
'7.0(3)I4(8a)',
'7.0(3)I4(8b)',
'7.0(3)I4(8z)',
'7.0(3)I4(1t)',
'7.0(3)I4(6t)',
'7.0(3)I4(9)',
'7.0(3)I5(1)',
'7.0(3)I5(2)',
'7.0(3)I5(3)',
'7.0(3)I5(3a)',
'7.0(3)I5(3b)',
'7.0(3)I6(1)',
'7.0(3)I6(2)',
'7.0(3)I7(1)',
'7.0(3)I7(2)',
'7.0(3)I7(3)',
'7.0(3)I7(4)',
'7.0(3)I7(5)',
'7.0(3)I7(5a)',
'7.0(3)I7(3z)',
'7.0(3)I7(6)',
'7.0(3)I7(6z)',
'7.0(3)I7(7)',
'7.0(3)I7(8)',
'7.0(3)I7(9)',
'7.0(3)I7(9w)',
'7.0(3)I7(10)',
'9.2(1)',
'9.2(2)',
'9.2(2t)',
'9.2(3)',
'9.2(3y)',
'9.2(4)',
'9.2(2v)',
'7.0(3)IC4(4)',
'7.0(3)IM7(2)',
'9.3(1)',
'9.3(2)',
'9.3(3)',
'9.3(4)',
'9.3(5)',
'9.3(6)',
'9.3(7)',
'9.3(7k)',
'9.3(7a)',
'9.3(8)',
'9.3(9)',
'9.3(10)',
'9.3(11)',
'9.3(12)',
'9.3(13)',
'9.3(14)',
'10.1(1)',
'10.1(2)',
'10.1(2t)',
'10.2(1)',
'10.2(2)',
'10.2(3)',
'10.2(3t)',
'10.2(4)',
'10.2(5)',
'10.2(3v)',
'10.2(6)',
'10.2(7)',
'10.2(8)',
'10.3(1)',
'10.3(2)',
'10.3(3)',
'10.3(4a)',
'10.3(4)',
'10.3(5)',
'10.3(6)',
'10.4(1)',
'10.4(2)',
'10.4(3)',
'10.4(4)',
'10.5(1)',
'10.5(2)'
);
}
if ('Nexus' >< product_info.device && product_info.model =~ "^9[0-9]{2,3}")
{
version_list = make_list(
'7.0(3)F3(1)',
'7.0(3)F3(3)',
'7.0(3)F3(3a)',
'7.0(3)F3(4)',
'7.0(3)F3(3c)',
'7.0(3)F3(5)',
'7.0(3)I4(1)',
'7.0(3)I4(2)',
'7.0(3)I4(3)',
'7.0(3)I4(4)',
'7.0(3)I4(5)',
'7.0(3)I4(6)',
'7.0(3)I4(7)',
'7.0(3)I4(8)',
'7.0(3)I4(8a)',
'7.0(3)I4(8b)',
'7.0(3)I4(8z)',
'7.0(3)I4(1t)',
'7.0(3)I4(6t)',
'7.0(3)I4(9)',
'7.0(3)I5(1)',
'7.0(3)I5(2)',
'7.0(3)I5(3)',
'7.0(3)I5(3a)',
'7.0(3)I5(3b)',
'7.0(3)I6(1)',
'7.0(3)I6(2)',
'7.0(3)I7(1)',
'7.0(3)I7(2)',
'7.0(3)I7(3)',
'7.0(3)I7(4)',
'7.0(3)I7(5)',
'7.0(3)I7(5a)',
'7.0(3)I7(3z)',
'7.0(3)I7(6)',
'7.0(3)I7(7)',
'7.0(3)I7(8)',
'7.0(3)I7(9)',
'7.0(3)I7(9w)',
'7.0(3)I7(10)',
'9.2(1)',
'9.2(2)',
'9.2(3)',
'9.2(3y)',
'9.2(4)',
'7.0(3)IA7(1)',
'7.0(3)IA7(2)',
'7.0(3)IC4(4)',
'9.3(1)',
'9.3(2)',
'9.3(3)',
'9.3(1z)',
'9.3(4)',
'9.3(5)',
'9.3(6)',
'9.3(5w)',
'9.3(7)',
'9.3(7k)',
'9.3(7a)',
'9.3(8)',
'9.3(9)',
'9.3(10)',
'9.3(11)',
'9.3(12)',
'9.3(13)',
'9.3(14)',
'10.1(1)',
'10.1(2)',
'10.2(1)',
'10.2(1q)',
'10.2(2)',
'10.2(3)',
'10.2(2a)',
'10.2(4)',
'10.2(5)',
'10.2(6)',
'10.2(7)',
'10.2(8)',
'10.3(1)',
'10.3(2)',
'10.3(3)',
'10.3(99w)',
'10.3(3w)',
'10.3(99x)',
'10.3(3o)',
'10.3(4a)',
'10.3(3p)',
'10.3(4)',
'10.3(3q)',
'10.3(3x)',
'10.3(5)',
'10.3(4g)',
'10.3(3r)',
'10.3(6)',
'10.3(4h)',
'10.4(1)',
'10.4(2)',
'10.4(3)',
'10.4(4)',
'10.4(4g)',
'10.5(1)',
'10.5(2)'
);
}
var workarounds = make_list(
CISCO_WORKAROUNDS['generic_workaround']
);
var workaround_params = [
WORKAROUND_CONFIG['isis_adjacency'],
WORKAROUND_CONFIG['isis_enable'],
{'require_all_generic_workarounds': TRUE}
];
var reporting = make_array(
'port' , 0,
'severity', SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCwn49153',
'cmds' , make_list('show running-config','show isis adjacency')
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Mar 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.17.4
EPSS0.00052
SSVC