Cisco Patches Multiple NX-OS Software Vulnerabilities

Cisco on Wednesday announced NX-OS software updates that resolve multiple vulnerabilities, including a high-severity DoS bug.

Cisco on Wednesday announced patches for multiple NX-OS software vulnerabilities as part of its semiannual FXOS and NX-OS security advisory bundled publication.

The most severe of the bugs is CVE-2024-20446, a high-severity flaw in the DHCPv6 relay agent of NX-OS that could be exploited by remote, unauthenticated attackers to cause a denial-of-service (DoS) condition.

Because of improper handling of specific fields in DHCPv6 messages, an attacker can trigger the flaw by sending crafted packets to any IPv6 address configured on a vulnerable device.

“A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition,” Cisco explains.

According to the tech giant, only Nexus 3000, 7000, and 9000 series switches in standalone NX-OS mode are affected, if they run a vulnerable NX-OS release, if the DHCPv6 relay agent is enabled, and if they have at least one IPv6 address configured.
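The exposure conditions above are concrete enough to check from a saved running configuration. The following script is an added example, not code from the article or from Cisco: it reads `show running-config` text and reports whether the DHCPv6 relay agent is enabled and whether any IPv6 address is configured, which are the two device-side conditions the article lists. The NX-OS command strings it matches (`feature dhcp`, `ipv6 dhcp relay`, `ipv6 address`) are assumptions about NX-OS syntax and should be confirmed against the platform's configuration guide; the sample configuration is constructed. Platform and release checks are left to the operator, since the article does not enumerate affected releases.

```python
"""Exposure triage for the NX-OS DHCPv6 relay-agent DoS (CVE-2024-20446).

Added example (not from the article or from Cisco). It applies the
article's device-side exposure conditions to saved running-config text:
the DHCPv6 relay agent is enabled AND at least one IPv6 address is
configured. Command strings are assumed NX-OS syntax; verify locally.
"""
import re
from dataclasses import dataclass, field

# Constructed sample of an NX-OS running configuration (not a real device).
SAMPLE_CONFIG = """\
version 10.2(3)
hostname nx-lab-01
feature dhcp
ipv6 dhcp relay
interface Vlan100
  ipv6 address 2001:db8:100::1/64
  ipv6 dhcp relay address 2001:db8:ffff::53
interface Ethernet1/1
  no shutdown
"""

# Matches a global IPv6 address line such as "ipv6 address 2001:db8::1/64";
# the character class avoids matching keyword forms like "use-link-local-only".
IPV6_ADDR_RE = re.compile(r"^ipv6 address ([0-9A-Fa-f:]+/\d{1,3})\b")


@dataclass
class ExposureReport:
    """Result of applying the exposure conditions to one configuration."""
    dhcp_feature: bool
    relay_enabled: bool
    ipv6_addresses: list = field(default_factory=list)

    @property
    def exposed(self) -> bool:
        # Both device-side conditions from the advisory summary must hold.
        return self.relay_enabled and bool(self.ipv6_addresses)

    def summary(self) -> str:
        state = "EXPOSED (patch or review relay config)" if self.exposed else "not exposed"
        return (f"{state}: feature dhcp={self.dhcp_feature}, "
                f"ipv6 dhcp relay={self.relay_enabled}, "
                f"ipv6 addresses={len(self.ipv6_addresses)}")


def assess_config(config_text: str) -> ExposureReport:
    """Scan running-config text line by line and collect the three signals."""
    dhcp_feature = False
    relay_enabled = False
    ipv6_addresses = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "feature dhcp":
            dhcp_feature = True
        # Exact match so the interface-level "ipv6 dhcp relay address ..."
        # line does not count as the global enable toggle.
        elif line == "ipv6 dhcp relay":
            relay_enabled = True
        elif line == "no ipv6 dhcp relay":
            relay_enabled = False
        m = IPV6_ADDR_RE.match(line)
        if m:
            ipv6_addresses.append(m.group(1))
    return ExposureReport(dhcp_feature, relay_enabled, ipv6_addresses)


if __name__ == "__main__":
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CONFIG
    print(assess_config(text).summary())
```

Pipe a real configuration dump into the script (`python3 check_relay.py < running-config.txt`) or run it with no input to see the constructed sample evaluated; a device that is not exposed by these conditions may still need the update if it runs an affected release.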

The NX-OS patches resolve a medium-severity command injection defect in the CLI of the platform, and two medium-risk flaws that could allow authenticated, local attackers to execute code with root privileges or escalate their privileges to network-admin level.


Additionally, the updates resolve three medium-severity sandbox escape issues in the Python interpreter of NX-OS, which could lead to unauthorized access to the underlying operating system.

On Wednesday, Cisco also released fixes for two medium-severity bugs in the Application Policy Infrastructure Controller (APIC). One could allow attackers to modify the behavior of default system policies, while the second – which also affects Cloud Network Controller – could lead to escalation of privileges.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page and in the August 28 semiannual bundled publication.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
