Cisco is one of the most important companies in the world when it comes to networks and their components, such as routers, switches, firewalls, and IP telephony products. But like every company dedicated to this area, it is not exempt from flaws and vulnerabilities. In this case, there are several vulnerabilities in its network system for switches. This article covers the details.
Different vulnerabilities affect Cisco systems
In recent days, Cisco has been releasing updates to patch different vulnerabilities found in several of its network systems, thus preventing cybercriminals from gaining access to those systems and using them at their convenience. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data.
Cisco described the issue as follows: “An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device,” the company stated. “A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.”
How do these vulnerabilities affect Cisco systems?
These vulnerabilities, being present in the networking system for switches, affect the following products: Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, and Nexus 9000 Series Switches in standalone NX-OS mode running Cisco NX-OS Software that have the NX-API feature enabled.
Among the other flaws are two high-severity denial-of-service (DoS) bugs in NX-OS: CVE-2022-20624 and CVE-2022-20623 (CVSS scores: 8.6). The first was reported to the U.S. National Security Agency (NSA) as it impacts systems and products used by federal agencies, such as Nexus 3000 and 9000 Series Switches and UCS 6400 Series Fabric Interconnects. The second flaw only affects Nexus 9000 Series Switches that have BFD toggled on.
Last but not least, there is CVE-2022-20625 (CVSS score: 4.3), also a DoS flaw, which was found in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software. So far, no cases have been reported or found in which these vulnerabilities were publicly exploited. Cisco recommends that all its users and customers update as quickly as possible to protect their systems and products. Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
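The exposure conditions named above (NX-API enabled for CVE-2022-20650, BFD toggled on for CVE-2022-20623 on Nexus 9000) can be checked against a saved running configuration. The following is an added example, not code from Cisco or from this article's author: it relies on the NX-OS `feature nxapi` and `feature bfd` configuration lines, the function names and the `series` parameter are hypothetical, and it does not check software versions because the article lists no fixed releases.

```python
import re

# Conditions exactly as the article states them; the Cisco advisories remain
# the authority on affected and fixed releases, which are not checked here.
NXAPI_SERIES = {"3000", "5500", "5600", "6000", "9000"}  # CVE-2022-20650
BFD_SERIES = {"9000"}                                     # CVE-2022-20623

FEATURE_LINE = re.compile(r"(no\s+)?feature\s+(\S+)")


def enabled_features(running_config):
    """Return the set of names turned on by 'feature <name>' lines."""
    enabled = set()
    for raw in running_config.splitlines():
        match = FEATURE_LINE.fullmatch(raw.strip())
        if not match:
            continue  # comments ('!...'), sub-commands, unrelated lines
        negated, name = match.groups()
        if negated:
            enabled.discard(name)  # a later 'no feature X' wins
        else:
            enabled.add(name)
    return enabled


def triage(series, running_config):
    """List the article's CVEs whose stated precondition this switch meets.

    'series' is supplied by the caller (hypothetical parameter), e.g. "9000".
    Assumes a Nexus switch in standalone NX-OS mode.
    """
    features = enabled_features(running_config)
    findings = []
    if series in NXAPI_SERIES and "nxapi" in features:
        findings.append("CVE-2022-20650")
    if series in BFD_SERIES and "bfd" in features:
        findings.append("CVE-2022-20623")
    return findings


# Constructed sample, not output from a real device.
SAMPLE_CONFIG = """\
!Command: show running-config
hostname lab-n9k
feature nxapi
feature bfd
feature interface-vlan
"""

if __name__ == "__main__":
    for series in ("9000", "5600"):
        print(series, triage(series, SAMPLE_CONFIG))
```

An empty result only means the feature precondition is absent from that configuration; a listed CVE means the switch should be prioritized for the update Cisco recommends.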