Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Cisco Patches Two Dozen Serious Flaws in Nexus Switches

Cisco this week patched over two dozen serious vulnerabilities affecting its Nexus switches, including flaws that can be exploited for denial-of-service (DoS) attacks, arbitrary code execution, and privilege escalation.

Cisco this week patched over two dozen serious vulnerabilities affecting its Nexus switches, including flaws that can be exploited for denial-of-service (DoS) attacks, arbitrary code execution, and privilege escalation.

Separate advisories have been published by the networking giant for nearly each of the flaws, many of which impact the NX-OS software powering Nexus switches and a few other Cisco devices.

The security holes, described as “high severity” issues, impact components such as the Tetration Analytics agent, the LDAP feature, the Image Signature Verification feature, the user account management interface, the command-line interface (CLI), the Bash shell implementation, the FCoE NPV protocol implementation, the file system component, the network stack, the Fabric Services component, the NX-API feature, and the 802.1X implementation.

Cisco Nexus switchesMany of the flaws allow local, authenticated attackers to execute arbitrary code as root, install malicious software images, elevate privileges, gain read and write access to an important configuration file, or escape a restricted shell on the device.

The few vulnerabilities that can be exploited remotely without authentication allow attackers to cause a DoS condition on affected devices. One flaw can be exploited remotely for executing arbitrary commands with root privileges by sending malicious HTTP/HTTPS packets to the management interface of an affected system, but the attacker needs to be authenticated.

Cisco discovered most of these vulnerabilities itself and the company says there is no evidence of malicious exploitation.

The company has also published an informational advisory that urges Nexus device owners to secure networks where the PowerOn Auto Provisioning (POAP) feature is used or simply disable the feature.

POAP, which is enabled by default, is designed to help organizations automate the initial deployment and configuration of Nexus switches. While the initial POAP implementation did not include options for disabling the feature, Cisco has now added several CLI commands to disable POAP.

“POAP accepts a configuration script from the first DHCP server to respond, and there is no mechanism to establish trust with the DHCP server. An attacker who is able to send a DHCP response could provide a malicious configuration to a device, which could allow the attacker to run commands at the administrator privilege level,” Cisco warned.

Last year, Cisco issued a similar warning about the Smart Install Client, a legacy utility that allows no-touch installation of new Cisco switches. Days later, reports emerged of attacks apparently exploiting the feature.

Cisco also warned earlier this month that a remote command execution flaw patched in February in some of its RV routers has been targeted by hackers.

Related: Hackers Target Cisco Routers via Recently Patched Flaws

Related: Cisco Warns of Zero-Day Vulnerability in Security Appliances

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.