Cisco this week announced patches for two vulnerabilities impacting the NX-OS software that powers its Nexus-series business switches.
Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition.
The flaw exists due to incomplete input validation of specific OSPFv3 packets, allowing an attacker to send a malicious OSPFv3 link-state advertisement (LSA) to a vulnerable device in order to trigger the bug.
“A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition,” Cisco notes in an advisory.
The tech giant also notes that the OSPFv3 feature is disabled by default and that an attacker can exploit the vulnerability if they can “establish a full OSPFv3 neighbor state with an affected device”.
The second NX-OS vulnerability that Cisco addressed this week can also be exploited to cause a DoS condition. Tracked as CVE-2022-20824, the bug resides in the Cisco Discovery Protocol feature and impacts the FXOS software as well.
Caused by the improper validation of specific values within a Cisco Discovery Protocol message, the flaw can be exploited by sending malicious Discovery Protocol packets to a vulnerable device.
“A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition,” Cisco explains.
Because the Discovery Protocol is a Layer 2 protocol, an attacker looking to exploit the flaw has to be Layer 2 adjacent (in the same broadcast domain) to the affected device.
Cisco has released software updates to address these vulnerabilities and recommends that customers use the Cisco Software Checker to identify FXOS or NX-OS releases that fix the issues described in the advisories that the tool identifies.
The company says these vulnerabilities are not exploited in attacks and that it is not aware of the public existence of exploit code targeting them.
This week, Cisco also resolved CVE-2022-20921, a high-severity elevation of privilege flaw in the API implementation of ACI Multi-Site Orchestrator (MSO) caused by improper authorization on a specific API.
An attacker authenticated with non-administrator privileges could use crafted HTTP requests to exploit the vulnerability and elevate privileges to administrator.
Cisco ACI MSO releases 3.1, 3.0 and earlier were found vulnerable. ACI MSO version 3.1(1n) resolves this issue. ACI MSO release 3.2 is not affected.
According to Cisco, proof-of-concept exploit code targeting CVE-2022-20921 has been released publicly, but the company is not aware of malicious attacks targeting it.
Related: Cisco Patches High-Severity Vulnerability in Security Solutions
Related: Cisco Warns of Exploitation Attempts Targeting New IOS XR Vulnerability
Related: Cisco Patches Critical Vulnerability in Email Security Appliance
