Cisco on Wednesday released patches for 11 vulnerabilities in its products, including multiple flaws that impact Cisco UCS Manager, FXOS, and NX-OS software.
The most important of the bugs is a high severity flaw in FXOS and NX-OS that could allow an unauthenticated, adjacent attacker to execute arbitrary code as root. The weakness can also be exploited for denial of service (DoS).
Tracked as CVE-2020-3172, the vulnerability is triggered because Cisco Discovery Protocol packet headers are insufficiently validated. The attacker could send a crafted packet to a Layer 2-adjacent affected device and cause a buffer overflow to run code or cause a DoS condition.
Because the Discovery Protocol is enabled by default globally and on all interfaces in FXOS and NX-OS, the flaw impacts numerous products, including Nexus, Firepower, UCS and MDS.
Cisco has pointed out that this vulnerability is different from the one disclosed earlier this month, which researchers said affected tens of millions of Cisco devices deployed in enterprise environments.
Another high risk flaw patched on Wednesday is a DoS flaw (CVE-2020-3175) in NX-OS software for MDS 9000 Series Multilayer Switches, which could be exploited remotely without authentication.
Next in line is a high risk flaw in UCS Manager software that could be exploited by an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). Tracked as CVE-2020-3173, it impacts UCS 6200, 6300, and 6400 Series Fabric Interconnects.
The Secure Login Enhancements capability of the Nexus 1000V switch for VMware vSphere is impacted by a high severity issue (CVE-2020-3168) that could allow an unauthenticated, remote attacker to cause a vulnerable Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible.
< ..
Support the originator by clicking the read the rest link below.
