Hacking

Cisco addresses ten high-risk issues in NX-OS software

Cisco addressed ten high-risk vulnerabilities in NX-OS software, including some issues that could lead to code execution and privilege escalation.

Cisco this week released security patches to address ten high-risk vulnerabilities in NX-OS software, including some flaws that could lead to code execution and privilege escalation.

The first issue, tracked as CVE-2020-3517, is a DoS issue that resides in the Fabric Services component. The vulnerability could be exploited to trigger a denial of service (DoS) condition in both FXOS and NX-OS software.

“A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device.” reads the advisory published by Cisco. “The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages.”

An attacker could exploit the vulnerability by sending malicious Cisco Fabric Services messages to the vulnerable device. 

The second issue, tracked as CVE-2020-3415, is a remote code execution flaw in the Data Management Engine (DME) of NX-OS software. An unauthenticated, adjacent attacker can execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device by sending a crafted Discovery Protocol packet to a Layer 2-adjacent affected device.

“The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device.” reads the advisory. “A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.”

The IT giant fixed an elevation of privilege flaw, tracked as CVE-2020-3394, in the Enable Secret feature could be exploited to get full administrative privileges on Nexus 3000 and 9000 series switches.

The same devices are affected by a DoS flaw (CVE-2020-3397) in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation. Another DoS issue (CVE-2020-3398) in BGP MVPN affects Nexus 7000 series switches too.

“A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device.” states the advisory. 

Cisco also addressed the CVE-2020-3338 DoS flaw that resides in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) and a command injection flaw tracked as CVE-2019-1896 that affects the web-based management interface of Cisco Integrated Management Controller (IMC).

Cisco also fixed the CVE-2020-3454 flaw impacting the Call Home feature of NX-OS that could result in commands being executed as root.

“A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS).” reads the advisory.

Cisco addressed two command injection vulnerabilities tracked as CVE-2018-0307 and CVE-2018-0306 in the CLI of NX-OS, both issues could allow an attacker to inject malicious arguments into a vulnerable CLI command.

The good news is that Cisco is not aware of attacks in the wild exploiting these vulnerabilities.

Further details of the flaws addressed by Cisco are available on Cisco’s security advisories page.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, NX-OS)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

3 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

7 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

21 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.