Cisco has produced program updates to tackle 4 security vulnerabilities in its software program that could be weaponized by destructive actors to take control of afflicted systems.
The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API attribute of Cisco NX-OS Computer software that stems from a absence of adequate enter validation of user-provided facts.
“An attacker could exploit this vulnerability by sending a crafted HTTP Article request to the NX-API of an impacted system,” Cisco stated. “A productive exploit could let the attacker to execute arbitrary commands with root privileges on the fundamental working technique.”
The flaw impacts Nexus 3000 Sequence Switches, Nexus 5500 System Switches, Nexus 5600 Platform Switches, Nexus 6000 Sequence Switches, and Nexus 9000 Series Switches in standalone NX-OS method running Cisco NX-OS Computer software that have the NX-API feature enabled.
Also patched are two large-severity denial-of-provider (DoS) bugs in NX-OS – CVE-2022-20624 and CVE-2022-20623 (CVSS scores: 8.6) – uncovered in the Cisco Cloth Products and services More than IP (CFSoIP) and Bidirectional Forwarding Detection (BFD) site visitors features.
CVE-2022-20624, which was noted to Cisco by the U.S. Nationwide Security Company (NSA), impacts Nexus 3000 and 9000 Sequence Switches and UCS 6400 Collection Fabric Interconnects, assuming CFSoIP is enabled. CVE-2022-20623, on the other hand, only influences Nexus 9000 Sequence Switches that have BFD toggled on.
And finally, the networking tools maker also patched a 3rd DoS vulnerability (CVE-2022-20625, CVSS rating: 4.3) in the Cisco Discovery Protocol provider of Cisco FXOS Software package and Cisco NX-OS Computer software, which could “let an unauthenticated, adjacent attacker to result in the assistance to restart, resulting in a denial of support (DoS) situation.”
Cisco explained that it really is not mindful of “any public bulletins or malicious use” of the aforementioned vulnerabilities. That reported, it can be encouraged that customers go immediately to use the vital updates to avoid opportunity real-planet exploitation.
Located this short article exciting? Stick to THN on Fb, Twitter and LinkedIn to browse more exceptional articles we put up.
Some pieces of this report are sourced from: