Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco’s NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant’s Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.
Patches are available for all vulnerabilities, according to a Cisco Security Advisory posted on Wednesday. In addition to the eight patched high-severity bugs, Cisco also fixed a flaw (CVE-2020-3504) listed as medium severity that impacts the Cisco Unified Computing System management software.
Two bugs (CVE-2020-3397 and CVE-2020-3398) are “Cisco NX-OS software Border Gateway Protocol Multicast VPN denial of service vulnerabilities,” according to the security bulletin. Both vulnerabilities allow an attacker to launch either a partial or prolonged DoS attack via session resets and device reloading.
“The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device,” wrote Cisco regarding CVE-2020-3397. The other VPN bug is due to incorrect parsing of a specific type of BGP MVPN update message.
Cisco also reported a bug (CVE-2020-3338) in the context of its NX-OS software underlying its IPv6 Protocol Independent Multicast (PIM). “PIMs are used between switches so that they can track which multicast packets to forward to each other and to their directly connected LANs,” according to Cisco.
The vulnerability allows an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device, Cisco said. Vulnerable are Nexus 3000 Series Switches (CSCvr91853), Nexus 7000 Series Switches (CSCvr97684) and Nexus 9000 Series Switches in standalone NX-OS mode (CSCvr91853).
One of the more interesting of the patched bugs is the NX-OS software Call Home command injection bug could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system.
“The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an affected device,” Cisco warned.
Impacted are nine Cisco switches ranging from MDS 9000 Series Multilayer Switches to the Nexus 9500 R-Series Switching Platform.
On Wed Sept. 16 @ 2 PM ET: Learn the secrets to running a successful Bug Bounty Program. Resister today for this FREE Threatpost webinar “Five Essentials for Running a Successful Bug Bounty Program“. Hear from top Bug Bounty Program experts how to juggle public versus private programs and how to navigate the tricky terrain of managing Bug Hunters, disclosure policies and budgets. Join us Wednesday Sept. 16, 2-3 PM ET for this LIVE webinar.