Cisco plugs critical flaws in many switches, security appliances

Cisco has released security updates to address a bucketload of vulnerabilities affecting multiple products, including 24 critical and high-severity flaws found in many of its switches, next generation firewalls and security appliances.

Those vulnerabilities are present in Cisco NX-OS Software, which enables network automation and programmatic provisioning and configuration of the devices via APIs, and in Cisco FXOS (Firepower eXtensible Operating System).

“Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, execute arbitrary commands, gain access to sensitive information, or cause a denial of service (DoS) condition on an affected device,” the company explained.

They can be exploited via specially crafted packets (HTTP or HTTPS, Cisco Fabric Services, SNMP, IGMP) and messages (Cisco Discovery Protocol and BGP update messages).

Twelve of the vulnerabilities affect both Cisco FXOS Software and Cisco NX-OS Software and the remaining vulnerabilities affect only Cisco NX-OS Software. None of the vulnerabilities affect Cisco IOS Software or Cisco IOS XE Software.

There are no workarounds for the vulnerabilities, so administrators should implement the offered updates.

The good news is that the flaws were found during internal security testing, and there is no indication that they are being exploited in the wild.

Affected devices

Affected products include:

  • MDS 9000 Series Multilayer Switches
  • Nexus 2000 Series Fabric Extenders
  • Nexus 1000V/2000/3000/4000/6000/7000/7700 Series Switches
  • Nexus 1100 Series Cloud Services Platforms
  • Nexus 3500/3600/5500/5600 Platform Switches
  • Nexus 9000 Series Switches in standalone NX-OS mode and in Application Centric Infrastructure (ACI) mode
  • Nexus 9500 R-Series Line Cards and Fabric Modules
  • Firepower 2100 Series
  • Firepower 4100 Series Next-Generation Firewalls
  • Firepower 9300 Security Appliance
  • UCS 6100/6200/6300 Series Fabric Interconnects

Some products that have reached end-of-life status could also be affected, but updates for them won’t be provided.

For links to the advisories and more details about each flaw, go here.