Critical Cisco Nexus Dashboard Vulnerability Lets Attackers Impersonate Managed Devices

Cisco has issued a high-severity security advisory (ID: cisco-sa-ndfc-shkv-snQJtjrp) regarding a critical SSH host key validation vulnerability in its Nexus Dashboard Fabric Controller (NDFC), tracked as CVE-2025-20163.

The flaw, assigned a CVSS 3.1 base score of 8.7, could allow unauthenticated, remote attackers to impersonate Cisco NDFC-managed devices, posing significant risks to data center infrastructure.

The vulnerability is rooted in insufficient validation of SSH host keys (CWE-322: Key Exchange without Entity Authentication), enabling attackers to perform machine-in-the-middle (MitM) attacks on SSH connections to NDFC-managed devices.

By exploiting this, threat actors could intercept sensitive traffic and capture user credentials, potentially gaining unauthorized access to critical network resources.

Affected Versions and Technical Impact

The vulnerability affects all Cisco NDFC releases prior to 12.2.3, including legacy Cisco Data Center Network Manager (DCNM) versions, as well as several releases of Cisco Nexus Dashboard unified software.

The ...