Cisco this week released security patches to address ten high-risk vulnerabilities in NX-OS software, including some flaws that could lead to code execution and privilege escalation.
The first issue, tracked as CVE-2020-3517, is a DoS issue that resides in the Fabric Services component. The vulnerability could be exploited to trigger a denial of service (DoS) condition in both FXOS and NX-OS software.
“A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device.” reads the advisory published by Cisco. “The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages.”
An attacker could exploit the vulnerability by sending malicious Cisco Fabric Services messages to the vulnerable device.
The second issue, tracked as CVE-2020-3415, is a remote code execution flaw in the Data Management Engine (DME) of NX-OS software. An unauthenticated, adjacent attacker can execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device by sending a crafted Discovery Protocol packet to a Layer 2-adjacent affected device.
“The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device.” reads the advisory. “A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.”
The IT giant fixed an elevation of privilege flaw, tracked as CVE-2020-3394, in the Enable Secret feature could be exploited to get full administrative privileges on Nexus 3000 and 9000 series switches.
The same devices are affected by a DoS flaw (CVE-2020-3397) in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation. Another DoS issue (CVE-2020-3398) in BGP MVPN affects Nexus 7000 series switches too.
“A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device.” states the advisory.
Cisco also addressed the CVE-2020-3338 DoS flaw that resides in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) and a command injection flaw tracked as CVE-2019-1896 that affects the web-based management interface of Cisco Integrated Management Controller (IMC).
Cisco also fixed the CVE-2020-3454 flaw impacting the Call Home feature of NX-OS that could result in commands being executed as root.
“A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS).” reads the advisory.
Cisco addressed two command injection vulnerabilities tracked as CVE-2018-0307 and CVE-2018-0306 in the CLI of NX-OS, both issues could allow an attacker to inject malicious arguments into a vulnerable CLI command.
The good news is that Cisco is not aware of attacks in the wild exploiting these vulnerabilities.
Further details of the flaws addressed by Cisco are available on Cisco’s security advisories page.
(SecurityAffairs – hacking, NX-OS)