Cisco patches critical vulnerabilities

Cisco patches critical vulnerabilities

Cisco released patches for 34 vulnerabilities that include 5 critical, 20 high and 9 medium vulnerabilities. The 5 critical vulnerabilities are in FXOS and NX-OS and NX-API software and could allow an attacker to execute remote arbitrary code that could cause a buffer overflow or in other cases may lead to a DoS attack.

You'll need to wade through Cisco's advisories to work out if the software you're running is vulnerable or already fixed.

All of the critical flaws have a CVSS score of 9.8 out of 10 and four of them affect the FXOS and NX-OS Cisco Fabric Services because FXOS/NX-OS "insufficiently validates header values in Cisco Fabric Services packets," according to the security notice. The last critical flaw affects the NX-API feature of NX-OS.

The critical Smart Install flaw has affected 8.5 million devices till now.

The Cisco patch will fix the issues CVE-2018-0308, CVE-2018-0304, CVE-2018-0314 and CVE-2018-0312.

 ▬ MDS 9000 Series Multilayer Switches
▬ Nexus 2000 Series Fabric Extenders
▬ Nexus 3000 Series Switches
▬ Nexus 3500 Platform Switches
▬ Nexus 5500 Platform Switches
▬ Nexus 5600 Platform Switches
▬ Nexus 6000 Series Switches
▬ Nexus 7000 Series Switches
▬ Nexus 7700 Series Switches
▬ Nexus 9000 Series Switches in a standalone NX-OS mode
▬ Nexus 9500 R-Series Line Cards and Fabric Modules
▬ Firepower 4100 Series Next-Generation Firewalls
▬ Firepower 9300 Security Appliance
▬ UCS 6100 Series Fabric Interconnects
▬ UCS 6200 Series Fabric Interconnects
▬ UCS 6300 Series Fabric Interconnects

The NX-API vulnerability is caused by an incorrect input validation in the authentication module of the NX-API subsystem which can be exploited if an attacker were to send a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled.

The four affecting Cisco Fabric Services are because FXOS/NX-OS "insufficiently validates header values in Cisco Fabric Services packets".
get the latest hacking gist here
Cisco patches critical vulnerabilities Cisco patches critical vulnerabilities Reviewed by Lehvi on June 29, 2018 Rating: 5

No comments:

Powered by Blogger.