Users of Cisco switches, security appliances need to get patching

Administrators of Cisco switches, firewalls, and security appliances are advised to take a look at the latest collection of security advisories published by the company, as chances are good they will need to implement some updates.

None of the fixed vulnerabilities are critical or exploited in the wild, but most are high-risk and should be plugged as soon as possible.

The vulnerabilities affect the:

• Cisco NX-OS Software, used by the company’s various series of Nexus switches, line cards and fabric modules
• Cisco FXOS Software, also used by the same switches, Firepower firewalls and appliances, MDS switches and UCS fabric interconnects

Potentially exploitable feature

Cisco also published a separate advisory advising users of Nexus switches to disable the on-by-default PowerOn Auto Provisioning (POAP) feature.

“This feature assists in automating the initial deployment and configuration of Nexus switches. By design, the POAP feature leverages several unauthenticated protocols to obtain the initial configuration file for a device,” the company explained.

“POAP accepts a configuration script from the first DHCP server to respond, and there is no mechanism to establish trust with the DHCP server. An attacker who is able to send a DHCP response could provide a malicious configuration to a device, which could allow the attacker to run commands at the administrator privilege level.”

The company recommends to customers who do not want to use the POAP feature to disable it permanently (how to do that is explained in the advisory).

One year ago Cisco warned about disabling a similar feature that was being leveraged by attackers, so it’s possible they fear the same scenario unfolding.

Finally, those users who have not updated their Cisco ASA and Firepower security appliances since last summer are urged to do so now, as attackers are once again exploiting CVE-2018-0296.