
Cisco Patches Two Dozen Serious Flaws in Nexus Switches

Cisco this week patched over two dozen serious vulnerabilities affecting its Nexus switches, including flaws that can be exploited for denial-of-service (DoS) attacks, arbitrary code execution, and privilege escalation.


The networking giant has published separate advisories for nearly every one of the flaws, many of which impact the NX-OS software powering Nexus switches and a few other Cisco devices.

The security holes, described as “high severity” issues, impact components such as the Tetration Analytics agent, the LDAP feature, the Image Signature Verification feature, the user account management interface, the command-line interface (CLI), the Bash shell implementation, the FCoE NPV protocol implementation, the file system component, the network stack, the Fabric Services component, the NX-API feature, and the 802.1X implementation.

Many of the flaws allow local, authenticated attackers to execute arbitrary code as root, install malicious software images, elevate privileges, gain read and write access to an important configuration file, or escape a restricted shell on the device.

The few vulnerabilities that can be exploited remotely without authentication allow attackers to cause a DoS condition on affected devices. One flaw can be exploited remotely for executing arbitrary commands with root privileges by sending malicious HTTP/HTTPS packets to the management interface of an affected system, but the attacker needs to be authenticated.

Cisco discovered most of these vulnerabilities itself and the company says there is no evidence of malicious exploitation.

The company has also published an informational advisory that urges Nexus device owners to secure networks where the PowerOn Auto Provisioning (POAP) feature is used or simply disable the feature.

POAP, which is enabled by default, is designed to help organizations automate the initial deployment and configuration of Nexus switches. While the initial POAP implementation did not include options for disabling the feature, Cisco has now added several CLI commands to disable POAP.


“POAP accepts a configuration script from the first DHCP server to respond, and there is no mechanism to establish trust with the DHCP server. An attacker who is able to send a DHCP response could provide a malicious configuration to a device, which could allow the attacker to run commands at the administrator privilege level,” Cisco warned.
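The trust gap Cisco describes can be monitored from the network side. The following is an added example, not code from Cisco or from the original article: it audits decoded DHCP offers on a provisioning segment and flags any that come from a server outside an approved list, noting whether that offer arrived first and so would be the one POAP accepts. The record format, the allowlist and all addresses are constructed assumptions; treating DHCP options 66/150 (TFTP server) and 67 (bootfile name) as the script pointer reflects how POAP provisioning is normally set up.

```python
from collections import defaultdict

# Assumption: DHCP servers the operator has approved for provisioning.
TRUSTED_SERVERS = {"10.0.0.5"}
# Options that point a booting switch at a script: 66/150 TFTP server, 67 bootfile.
PROVISIONING_OPTS = {66, 67, 150}

# Constructed sample: DHCP OFFERs captured on a management VLAN, already decoded
# (arrival time in seconds, transaction id, client MAC, server id, options).
SAMPLE_OFFERS = [
    {"t": 0.012, "xid": 0x1A2B, "client": "00:de:ad:00:00:01",
     "server": "10.0.0.66", "opts": {66: "10.0.0.66", 67: "poap.py"}},
    {"t": 0.040, "xid": 0x1A2B, "client": "00:de:ad:00:00:01",
     "server": "10.0.0.5", "opts": {66: "10.0.0.5", 67: "poap.py"}},
    {"t": 3.100, "xid": 0x3C4D, "client": "00:de:ad:00:00:02",
     "server": "10.0.0.5", "opts": {150: "10.0.0.5", 67: "poap.py"}},
    {"t": 5.500, "xid": 0x5E6F, "client": "00:de:ad:00:00:03",
     "server": "10.0.0.77", "opts": {3: "10.0.0.1"}},
]

def audit_offers(offers, trusted=TRUSTED_SERVERS):
    """Return one finding per offer that came from a server not on the allowlist."""
    by_xid = defaultdict(list)
    for offer in offers:
        by_xid[offer["xid"]].append(offer)  # group offers answering one request
    findings = []
    for xid, group in by_xid.items():
        group.sort(key=lambda o: o["t"])
        first = group[0]  # POAP takes the first DHCP server to respond
        for offer in group:
            if offer["server"] in trusted:
                continue
            carries_script = bool(PROVISIONING_OPTS.intersection(offer["opts"]))
            findings.append({
                "xid": xid,
                "client": offer["client"],
                "server": offer["server"],
                "kind": ("untrusted-provisioning-offer" if carries_script
                         else "untrusted-dhcp-server"),
                "would_win": offer is first,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_offers(SAMPLE_OFFERS):
        print(finding)
```

A finding with `would_win` set and kind `untrusted-provisioning-offer` is the case from the advisory: an unapproved server answered before the legitimate one and supplied a script location.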

Last year, Cisco issued a similar warning about the Smart Install Client, a legacy utility that allows no-touch installation of new Cisco switches. Days later, reports emerged of attacks apparently exploiting the feature.

Cisco also warned earlier this month that a remote command execution flaw patched in February in some of its RV routers has been targeted by hackers.

Related: Hackers Target Cisco Routers via Recently Patched Flaws

Related: Cisco Warns of Zero-Day Vulnerability in Security Appliances

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
