• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new flaws discovered in cisco's network operating system for switches

New Flaws Discovered in Cisco’s Network Operating System for Switches

You are here: Home / General Cyber Security News / New Flaws Discovered in Cisco’s Network Operating System for Switches
February 25, 2022

Cisco has produced program updates to tackle 4 security vulnerabilities in its software program that could be weaponized by destructive actors to take control of afflicted systems.

The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API attribute of Cisco NX-OS Computer software that stems from a absence of adequate enter validation of user-provided facts.

“An attacker could exploit this vulnerability by sending a crafted HTTP Article request to the NX-API of an impacted system,” Cisco stated. “A productive exploit could let the attacker to execute arbitrary commands with root privileges on the fundamental working technique.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Automatic GitHub Backups

The flaw impacts Nexus 3000 Sequence Switches, Nexus 5500 System Switches, Nexus 5600 Platform Switches, Nexus 6000 Sequence Switches, and Nexus 9000 Series Switches in standalone NX-OS method running Cisco NX-OS Computer software that have the NX-API feature enabled.

Also patched are two large-severity denial-of-provider (DoS) bugs in NX-OS – CVE-2022-20624 and CVE-2022-20623 (CVSS scores: 8.6) – uncovered in the Cisco Cloth Products and services More than IP (CFSoIP) and Bidirectional Forwarding Detection (BFD) site visitors features.

Prevent Data Breaches

CVE-2022-20624, which was noted to Cisco by the U.S. Nationwide Security Company (NSA), impacts Nexus 3000 and 9000 Sequence Switches and UCS 6400 Collection Fabric Interconnects, assuming CFSoIP is enabled. CVE-2022-20623, on the other hand, only influences Nexus 9000 Sequence Switches that have BFD toggled on.

And finally, the networking tools maker also patched a 3rd DoS vulnerability (CVE-2022-20625, CVSS rating: 4.3) in the Cisco Discovery Protocol provider of Cisco FXOS Software package and Cisco NX-OS Computer software, which could “let an unauthenticated, adjacent attacker to result in the assistance to restart, resulting in a denial of support (DoS) situation.”

Cisco explained that it really is not mindful of “any public bulletins or malicious use” of the aforementioned vulnerabilities. That reported, it can be encouraged that customers go immediately to use the vital updates to avoid opportunity real-planet exploitation.

Located this short article exciting? Stick to THN on Fb, Twitter  and LinkedIn to browse more exceptional articles we put up.


Some pieces of this report are sourced from:
thehackernews.com

Previous Post: «white house denies mulling massive cyberattacks against russia White House Denies Mulling Massive Cyberattacks Against Russia
Next Post: Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure notorious trickbot malware gang shuts down its botnet infrastructure»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.