Patches for 34 vulnerabilities have been released that include 5 critical, 20 high and 9 medium vulnerabilities. The 5 critical vulnerabilities are in FXOS and NX-OS software and could allow an attacker to execute remote arbitrary code that could cause a buffer overflow or in other cases may lead to a DoS attack.
The Cisco patch will fix the issues CVE-2018-0308, CVE-2018-0304, CVE-2018-0314 and CVE-2018-0312.
- MDS 9000 Series Multilayer Switches
- Nexus 2000 Series Fabric Extenders
- Nexus 3000 Series Switches
- Nexus 3500 Platform Switches
- Nexus 5500 Platform Switches
- Nexus 5600 Platform Switches
- Nexus 6000 Series Switches
- Nexus 7000 Series Switches
- Nexus 7700 Series Switches
- Nexus 9000 Series Switches in a standalone NX-OS mode
- Nexus 9500 R-Series Line Cards and Fabric Modules
- Firepower 4100 Series Next-Generation Firewalls
- Firepower 9300 Security Appliance
- UCS 6100 Series Fabric Interconnects
- UCS 6200 Series Fabric Interconnects
- UCS 6300 Series Fabric Interconnects
CLI and RBAC of the Cisco NS-OS would allow the attacker to perform a command injection attack on the vulnerable device affecting the Simple Network Management Protocol of Cisco NX-OS software.
The Internet Group Management Protocol (IGMP) vulnerability could allow attackers to execute arbitrary code or cause a DoS in the system. The Border Gateway Protocol (BGP) is an implementation of Cisco NX-OS is allowing the unauthenticated remote attacker to cause the denial of service attack.
The vulnerability currently resides in NX-OS and could allow the attacker to create an admin account. The privilege escalation vulnerability in NX-OS which could also allow the attacker to run commands with elevated privileges. There is a list of Cisco released patches in details which can be found in the Cisco security advisories page.
Latest posts by Harikrishna Mekala (see all)
- A Serious Security Flaw Found in LibSSH - October 19, 2018
- Flaws in Branch.io Affected Over 685 Million Users - October 17, 2018
- Microsoft Store Has Been Hosting an Ad Clicker Disguised as a Google Photos App - October 16, 2018