Cisco Patches Flaws in FXOS, UCS Manager and NX-OS Software

Cisco on Wednesday released patches for 11 vulnerabilities in its products, including multiple flaws that impact Cisco UCS Manager, FXOS, and NX-OS software.

The most important of the bugs is a high severity flaw in FXOS and NX-OS that could allow an unauthenticated, adjacent attacker to execute arbitrary code as root. The weakness can also be exploited for denial of service (DoS).

Tracked as CVE-2020-3172, the vulnerability is triggered because Cisco Discovery Protocol packet headers are insufficiently validated. The attacker could send a crafted packet to a Layer 2-adjacent affected device and cause a buffer overflow to run code or cause a DoS condition.

Because the Discovery Protocol is enabled by default globally and on all interfaces in FXOS and NX-OS, the flaw impacts numerous products, including Nexus, Firepower, UCS and MDS.

Cisco has pointed out that this vulnerability is different from the one disclosed earlier this month, which researchers said affected tens of millions of Cisco devices deployed in enterprise environments.

Another high risk flaw patched on Wednesday is a DoS flaw (CVE-2020-3175) in NX-OS software for MDS 9000 Series Multilayer Switches, which could be exploited remotely without authentication.

Next in line is a high risk flaw in UCS Manager software that could be exploited by an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). Tracked as CVE-2020-3173, it impacts UCS 6200, 6300, and 6400 Series Fabric Interconnects.

The Secure Login Enhancements capability of the Nexus 1000V switch for VMware vSphere is impacted by a high severity issue (CVE-2020-3168) that could allow an unauthenticated, remote attacker to cause a vulnerable Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible.

Two high risk CLI command injection vulnerabilities (CVE-2020-3167 and CVE-2020-3171) were addressed in FXOS and UCS Manager software, both of which could be exploited by an authenticated, local attacker to execute arbitrary commands. Both vulnerabilities impact Firepower and UCS products.

Cisco also addressed three medium severity bugs in NX-OS software that could be exploited by an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection (CVE-2020-3165), cause a device to learn invalid Address Resolution Protocol (ARP) entries (CVE-2020-3174), or restart the NX-API process (CVE-2020-3170).

Two other medium risk bugs were patched in FXOS software. They could be exploited by an authenticated, local attacker to read or write arbitrary files to the OS (CVE-2020-3166), or execute arbitrary commands on the underlying Linux operating system, with root privileges (CVE-2020-3169).

Cisco has also published an advisory for the recently disclosed Kr00k vulnerability that impacts devices containing Wi-Fi chips made by Broadcom and Cypress, confirming that many of its products are impacted.

Details on all vulnerabilities can be found on Cisco’s support page.

Related: Cisco Patches DoS, Information Disclosure Flaws in Small Business Switches

Related: Cisco Patches Critical Vulnerability in Network Security Tool