BugZero | Cisco BugID CSCwm09739 - Cisco Nexus 3000 and 9000 Series Switches Command ...

Loading...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCwm09739 - Cisco Nexus 3000 and 9000 Series Switches Command ...

ODD
Cisco
CSCwm09739

Cisco - Defect ID: CSCwm09739

Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability

ODD
Cisco
CSCwm09739

Cisco - Defect ID: CSCwm09739

Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability

Last updated on May 14th, 2026

BugZero Risk Score
7.9 High

Overall: 7.9

Severity: 8.2

Lifecycle: 9.1

Popularity: 6.0

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Description

Symptom

A vulnerability in the software upgrade process of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. Note: Administrators should validate the hash of any software image before installation. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ici-dpOjbWxk The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Conditions

Please refer to the Security Advisory.

Workaround

Please refer to the Security Advisory.

Further Problem Description

Please refer to the Security Advisory.

PSIRT Evaluation

The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 5.1: https://sec.cloudapps.cisco.com/security/center/cvssCalculator.x?vector=CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N CVE ID CVE-2025-20161 has been assigned to document this issue. Information about Fixed, Vulnerable, and Non-vulnerable releases--as well as information about fixed release availability--is not maintained by Cisco PSIRT. Please refer to the appropriate fields in this bug. If you require additional help to obtain this information, please open a support case with your support organization. Additional information on Cisco's security vulnerability policy can be found at the following URL: https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html

Change history

2026-01-09 Added: 10.1(1), 10.1(2), 10.1(2t), 10.2(1), 10.2(1q), 10.2(2), 10.2(3), 10.2(3t), 10.2(3v), 10.2(4), 10.2(5), 10.2(6), 10.2(7), 10.2(8), 10.3(1), 10.3(2), 10.3(3), 10.3(4a), 10.3(5), 10.3(6), 10.4(1), 10.4(2), 10.4(3), 10.5(1), 6.0(2)A8(1), 6.0(2)A8(10), 6.0(2)A8(10a), 6.0(2)A8(11), 6.0(2)A8(11a), 6.0(2)A8(11b), 6.0(2)A8(2), 6.0(2)A8(3), 6.0(2)A8(4), 6.0(2)A8(4a), 6.0(2)A8(5), 6.0(2)A8(6), 6.0(2)A8(7), 6.0(2)A8(7a), 6.0(2)A8(7b), 6.0(2)A8(8), 6.0(2)A8(9), 7.0(3)F3(1), 7.0(3)F3(2), 7.0(3)F3(3), 7.0(3)F3(3a), 7.0(3)F3(3c), 7.0(3)F3(4), 7.0(3)F3(5), 7.0(3)I4(1), 7.0(3)I4(2), 7.0(3)I4(3), 7.0(3)I4(4), 7.0(3)I4(5), 7.0(3)I4(6), 7.0(3)I4(7), 7.0(3)I4(8), 7.0(3)I4(8a), 7.0(3)I4(8b), 7.0(3)I4(8z), 7.0(3)I4(9), 7.0(3)I5(1), 7.0(3)I5(2), 7.0(3)I6(1), 7.0(3)I6(2), 7.0(3)I7(1), 7.0(3)I7(10), 7.0(3)I7(2), 7.0(3)I7(3), 7.0(3)I7(4), 7.0(3)I7(5), 7.0(3)I7(5a), 7.0(3)I7(6), 7.0(3)I7(7), 7.0(3)I7(8), 7.0(3)I7(9), 9.2(1), 9.2(2), 9.2(2t), 9.2(2v), 9.2(3), 9.2(4), 9.3(1), 9.3(10), 9.3(11), 9.3(12), 9.3(13), 9.3(14), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(6), 9.3(7), 9.3(7a), 9.3(8), 9.3(9)

Relevant Products

Click on a version to see all relevant bugs

Affected versions:10.1(1), 10.1(2), 10.1(2t), 10.2(1), 10.2(1q), 10.2(2), 10.2(3), 10.2(3t), 10.2(3v), 10.2(4), 10.2(5), 10.2(6), 10.2(7), 10.2(8), 10.3(1), 10.3(2), 10.3(3), 10.3(4a), 10.3(5), 10.3(6), 10.4(1), 10.4(2), 10.4(3), 10.5(1), 6.0(2)A8(1), 6.0(2)A8(10), 6.0(2)A8(10a), 6.0(2)A8(11), 6.0(2)A8(11a), 6.0(2)A8(11b), 6.0(2)A8(2), 6.0(2)A8(3), 6.0(2)A8(4), 6.0(2)A8(4a), 6.0(2)A8(5), 6.0(2)A8(6), 6.0(2)A8(7), 6.0(2)A8(7a), 6.0(2)A8(7b), 6.0(2)A8(8), 6.0(2)A8(9), 7.0(3)F3(1), 7.0(3)F3(2), 7.0(3)F3(3), 7.0(3)F3(3a), 7.0(3)F3(3c), 7.0(3)F3(4), 7.0(3)F3(5), 7.0(3)I4(1), 7.0(3)I4(2), 7.0(3)I4(3), 7.0(3)I4(4), 7.0(3)I4(5), 7.0(3)I4(6), 7.0(3)I4(7), 7.0(3)I4(8), 7.0(3)I4(8a), 7.0(3)I4(8b), 7.0(3)I4(8z), 7.0(3)I4(9), 7.0(3)I5(1), 7.0(3)I5(2), 7.0(3)I6(1), 7.0(3)I6(2), 7.0(3)I7(1), 7.0(3)I7(10), 7.0(3)I7(2), 7.0(3)I7(3), 7.0(3)I7(4), 7.0(3)I7(5), 7.0(3)I7(5a), 7.0(3)I7(6), 7.0(3)I7(7), 7.0(3)I7(8), 7.0(3)I7(9), 9.2(1), 9.2(2), 9.2(2t), 9.2(2v), 9.2(3), 9.2(4), 9.3(1), 9.3(10), 9.3(11), 9.3(12), 9.3(13), 9.3(14), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(6), 9.3(7), 9.3(7a), 9.3(8), 9.3(9)

Fixed versions: 10.2(9), 10.3(7), 10.3(8), 10.3(9), 10.4(4), 10.4(5), 10.4(6), 10.4(7), 10.5(2), 10.5(3), 10.5(3s), 10.5(4), 10.5(5), 10.6(1), 10.6(1s), 10.6(2), 10.6(2n), 10.6(3), 9.3(15), 9.3(16)

Relevant Products

Click on a version to see all relevant bugs

Affected versions:10.1(1), 10.1(2), 10.1(2t), 10.2(1), 10.2(1q), 10.2(2), 10.2(3), 10.2(3t), 10.2(3v), 10.2(4), 10.2(5), 10.2(6), 10.2(7), 10.2(8), 10.3(1), 10.3(2), 10.3(3), 10.3(4a), 10.3(5), 10.3(6), 10.4(1), 10.4(2), 10.4(3), 10.5(1), 6.0(2)A8(1), 6.0(2)A8(10), 6.0(2)A8(10a), 6.0(2)A8(11), 6.0(2)A8(11a), 6.0(2)A8(11b), 6.0(2)A8(2), 6.0(2)A8(3), 6.0(2)A8(4), 6.0(2)A8(4a), 6.0(2)A8(5), 6.0(2)A8(6), 6.0(2)A8(7), 6.0(2)A8(7a), 6.0(2)A8(7b), 6.0(2)A8(8), 6.0(2)A8(9), 7.0(3)F3(1), 7.0(3)F3(2), 7.0(3)F3(3), 7.0(3)F3(3a), 7.0(3)F3(3c), 7.0(3)F3(4), 7.0(3)F3(5), 7.0(3)I4(1), 7.0(3)I4(2), 7.0(3)I4(3), 7.0(3)I4(4), 7.0(3)I4(5), 7.0(3)I4(6), 7.0(3)I4(7), 7.0(3)I4(8), 7.0(3)I4(8a), 7.0(3)I4(8b), 7.0(3)I4(8z), 7.0(3)I4(9), 7.0(3)I5(1), 7.0(3)I5(2), 7.0(3)I6(1), 7.0(3)I6(2), 7.0(3)I7(1), 7.0(3)I7(10), 7.0(3)I7(2), 7.0(3)I7(3), 7.0(3)I7(4), 7.0(3)I7(5), 7.0(3)I7(5a), 7.0(3)I7(6), 7.0(3)I7(7), 7.0(3)I7(8), 7.0(3)I7(9), 9.2(1), 9.2(2), 9.2(2t), 9.2(2v), 9.2(3), 9.2(4), 9.3(1), 9.3(10), 9.3(11), 9.3(12), 9.3(13), 9.3(14), 9.3(2), 9.3(3), 9.3(4), 9.3(5), 9.3(6), 9.3(7), 9.3(7a), 9.3(8), 9.3(9)

Fixed versions: 10.2(9), 10.3(7), 10.3(8), 10.3(9), 10.4(4), 10.4(5), 10.4(6), 10.4(7), 10.5(2), 10.5(3), 10.5(3s), 10.5(4), 10.5(5), 10.6(1), 10.6(1s), 10.6(2), 10.6(2n), 10.6(3), 9.3(15), 9.3(16)

Top Cisco Defects

9.7Defect ID: CSCws52722
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
9.7Defect ID: CSCwt50498
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
9.7Defect ID: CSCvn12442
Under heavy load, ISE live logs stop working on ISE 2.3
9.7Defect ID: CSCws61409
Live Logs Not Displaying on GUI Due to Fast Expansion of MNT Database
9.7Defect ID: CSCvz07394
2960X Stack may observe hang/freeze of member switches or complete stack.

Ready to prevent the next vendor outage?

Links

Original Vendor Announcement

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise