Cisco patches 34 vulnerabilities, five critical

News by Robert Abel

Cisco released patches for 34 flaws in its software including fixes for five critical arbitrary code execution vulnerabilities in FXOS, NX-OS and NX-API software.

All of the critical flaws have a CVSS score of 9.8 out of 10. Four of them affect Cisco Fabric Services in FXOS and NX-OS because FXOS/NX-OS "insufficiently validates header values in Cisco Fabric Services packets," according to the security notice. The last critical flaw affects the NX-API feature of NX-OS.

The NX-API vulnerability is caused by incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit it by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled.

One of the arbitrary code execution vulnerabilities affecting FXOS and NX-OS Software was the result of the affected software insufficiently validating header values in Cisco Fabric Services packets. As a result of the bug, a threat actor could cause a buffer overflow that would allow them to execute arbitrary code or cause a denial-of-service (DoS) condition.

Nineteen of the vulnerabilities were rated as High, while the rest were rated as Medium. Twelve of the vulnerabilities affect both FXOS and NX-OS, while the remaining ones affect only NX-OS.
