Cisco has released security updates to address a bucketload of vulnerabilities affecting multiple products, including 24 critical and high-severity flaws found in many of its switches, next generation firewalls and security appliances.
Those vulnerabilities are present in the Cisco NX-OS Software, which enables network automation and programmatical provisioning and configuration of the devices via APIs, and Cisco FXOS (Firepower eXtensible Operating System).
“Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, execute arbitrary commands, gain access to sensitive information, or cause a denial of service (DoS) condition on an affected device,” the company explained.
They can be exploited via specially crafted packets (HTTP or HTTPS, Cisco Fabric Services, SNMP, IGMP) and messages (Cisco Discovery Protocol and BGP update messages).
Twelve of the vulnerabilities affect both Cisco FXOS Software and Cisco NX-OS Software and the remaining vulnerabilities affect only Cisco NX-OS Software. None of the vulnerabilities affect Cisco IOS Software or Cisco IOS XE Software.
There are no workarounds for the vulnerabilities, so administrators should implement the offered updates.
The good news is that the flaws were found during internal security testing, and there is no indication that they are being exploited in the wild.
Reference Link : https://www.helpnetsecurity.com/2018/06/21/cisco-switches-critical-flaws/
