Cisco Fixes Serious Bugs in Data Center Operating Systems
February 29, 2024
Cisco, the technology titan, has issued its semiannual FXOS and NX-OS security advisory bundle, which details information on four vulnerabilities. This includes two high-severity flaws in the NX-OS software.
The first high-severity bug, CVE-2024-20321, is due to the mapping of External Border Gateway Protocol (eBGP) traffic to a 'shared hardware rate-limiter queue.' This could potentially enable an unauthenticated, remote attacker to cause a DoS condition by sending a large volume of traffic. Cisco has identified that the security flaw, under certain circumstances, affects Nexus 3600 series switches and Nexus 9500 R-series line cards, including specific product IDs.
The second high-severity flaw, CVE-2024-20267, is due to improper error checking in the processing of an ingress MPLS frame. An unauthenticated, remote attacker could cause a DoS condition by encapsulating a specially crafted IPv6 packet in an MPLS frame and sending it to a vulnerable device. The flaw affects Nexus 3000, Nexus 5500, Nexus 5600, Nexus 6000, Nexus 7000, and Nexus 9000 series switches that have MPLS configured. Cisco has resolved these vulnerabilities in NX-OS software versions 9.3(12), 10.2(6), and 10.3(4a).
In addition to these, Cisco has also patched two medium-severity flaws in its FXOS and NX-OS software. The first flaw affects the handling of specific fields in a Link Layer Discovery Protocol (LLDP) frame, which could allow an attacker to crash the LLDP service on the affected device. The second bug is located in the access control list (ACL) programming for port channel subinterfaces of Nexus 3000 and 9000 series switches in standalone NX-OS mode. This could be exploited remotely, without authentication, to bypass ACL protections.
Another medium-severity vulnerability resolved impacts the UCS 6400 and 6500 series fabric interconnects in Intersight Managed Mode (IMM). This could be exploited by unauthenticated, remote attackers to cause a DoS condition. According to Cisco, there is no evidence of these security defects being actively exploited in attacks. More details can be found on Cisco’s security advisories page.
Latest News
- Chinese Cyber Espionage Clusters Exploit Ivanti VPN Vulnerabilities to Deploy New Malware
- BlackCat Ransomware Gang Alleges Theft of 6TB Data from Change Healthcare
- Lazarus Group Exploits Windows Zero-Day for Kernel-Level Access
- APT28 Uses Compromised Ubiquiti EdgeRouters in Global Cyber Operations
- FBI and CISA Alert Healthcare Sector of Targeted BlackCat Ransomware Attacks
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.