The most severe vulnerabilities, rated as high severity, affect FXOS and NX-OS that could be exploited by an
The exploitation of the flaw could trigger a denial of service (
“All six vulnerabilities have a Security Impact Rating (SIR) of High. Successful exploitation of the vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) condition on an affected device.” reads the advisory published by Cisco.
“Two vulnerabilities affect only Cisco NX-OS Software; one vulnerability affects only Cisco UCS Software; two vulnerabilities affect both Cisco FXOS Software and Cisco UCS Software; and one vulnerability affects Cisco FX-OS Software, Cisco NX-OS Software, and UCS Software.”
The first issue tracked as CVE-2020-3172 is caused by the lack of insufficient validation of Cisco Discovery Protocol packet headers. The flaw could be exploited by an attacker to send a crafted packet to a Layer 2-adjacent vulnerable device and trigger a buffer overflow to run arbitrary code or cause a
The vulnerability impacts several devices for which the Discovery Protocol is enabled by default, including Nexus, Firepower, UCS and MDS.
The IT giant fixed a high severity flaw in the UCS Manager software (CVE-2020-3173) that could be exploited by an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The flaw impacts UCS 6200, 6300, and 6400 Series Fabric Interconnects.
Cisco also addressed another a high risk
Other high severity issues fixed by the tech giant are:
The company also addressed three medium severity vulnerabilities, tracked as CVE-2020-3165, CVE-2020-3174, CVE-2020-3170, in the NX-OS software and two other medium risk bugs in the FXOS software tracked as CVE-2020-3166 and CVE-2020-3169.