• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new flaws discovered in cisco's network operating system for switches

New Flaws Discovered in Cisco’s Network Operating System for Switches

You are here: Home / General Cyber Security News / New Flaws Discovered in Cisco’s Network Operating System for Switches
February 25, 2022

Cisco has produced program updates to tackle 4 security vulnerabilities in its software program that could be weaponized by destructive actors to take control of afflicted systems.

The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API attribute of Cisco NX-OS Computer software that stems from a absence of adequate enter validation of user-provided facts.

“An attacker could exploit this vulnerability by sending a crafted HTTP Article request to the NX-API of an impacted system,” Cisco stated. “A productive exploit could let the attacker to execute arbitrary commands with root privileges on the fundamental working technique.”

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Automatic GitHub Backups

The flaw impacts Nexus 3000 Sequence Switches, Nexus 5500 System Switches, Nexus 5600 Platform Switches, Nexus 6000 Sequence Switches, and Nexus 9000 Series Switches in standalone NX-OS method running Cisco NX-OS Computer software that have the NX-API feature enabled.

Also patched are two large-severity denial-of-provider (DoS) bugs in NX-OS – CVE-2022-20624 and CVE-2022-20623 (CVSS scores: 8.6) – uncovered in the Cisco Cloth Products and services More than IP (CFSoIP) and Bidirectional Forwarding Detection (BFD) site visitors features.

Prevent Data Breaches

CVE-2022-20624, which was noted to Cisco by the U.S. Nationwide Security Company (NSA), impacts Nexus 3000 and 9000 Sequence Switches and UCS 6400 Collection Fabric Interconnects, assuming CFSoIP is enabled. CVE-2022-20623, on the other hand, only influences Nexus 9000 Sequence Switches that have BFD toggled on.

And finally, the networking tools maker also patched a 3rd DoS vulnerability (CVE-2022-20625, CVSS rating: 4.3) in the Cisco Discovery Protocol provider of Cisco FXOS Software package and Cisco NX-OS Computer software, which could “let an unauthenticated, adjacent attacker to result in the assistance to restart, resulting in a denial of support (DoS) situation.”

Cisco explained that it really is not mindful of “any public bulletins or malicious use” of the aforementioned vulnerabilities. That reported, it can be encouraged that customers go immediately to use the vital updates to avoid opportunity real-planet exploitation.

Located this short article exciting? Stick to THN on Fb, Twitter  and LinkedIn to browse more exceptional articles we put up.


Some pieces of this report are sourced from:
thehackernews.com

Previous Post: «white house denies mulling massive cyberattacks against russia White House Denies Mulling Massive Cyberattacks Against Russia
Next Post: Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure notorious trickbot malware gang shuts down its botnet infrastructure»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • SIM-based Authentication Aims to Transform Device Binding Security to End Phishing
  • New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild
  • Open source packages with millions of installs hacked to harvest AWS credentials
  • DOE ‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌funds‌ ‌development of Qunnect’s Quantum Repeater
  • Cabinet Office Reports 800 Missing Electronic Devices in Three Years
  • Malware Analysis: Trickbot
  • Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
  • US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info
  • Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code
  • ICO Fines Clearview AI £7.5m for Collecting UK Citizens’ Data

Copyright © TheCyberSecurity.News, All Rights Reserved.