Home

Description

A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device.

PUBLISHED Reserved 2024-10-10 | Published 2025-08-27 | Updated 2025-08-28 | Assigner cisco




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unknown

1.1(3e)
affected

1.1(3c)
affected

1.1(3d)
affected

1.1(0d)
affected

1.1(2i)
affected

2.0(1b)
affected

1.1(2h)
affected

1.1(0c)
affected

1.1(3f)
affected

2.1(1d)
affected

2.1(1e)
affected

2.0(2g)
affected

2.0(2h)
affected

2.1(2d)
affected

2.0(1d)
affected

2.2(1h)
affected

2.2(1e)
affected

2.2(2d)
affected

2.1(2f)
affected

2.3(1c)
affected

2.3(2b)
affected

2.3(2c)
affected

2.3(2d)
affected

2.3(2e)
affected

3.0(1f)
affected

3.0(1i)
affected

3.1(1k)
affected

3.1(1l)
affected

3.2(1e)
affected

3.2(1i)
affected

3.3(1a)
affected

3.3(1b)
affected

3.3(2b)
affected

4.0(1i)
affected

3.3(2g)
affected

3.2(2f)
affected

3.2(2g)
affected

3.2(2m)
affected

3.1(1n)
affected

References

sec.cloudapps.cisco.com/...dvisory/cisco-sa-nd-ptrs-XU2Fm2Wb (cisco-sa-nd-ptrs-XU2Fm2Wb)

cve.org (CVE-2025-20344)

nvd.nist.gov (CVE-2025-20344)

Download JSON