Cisco Clears Multiple Vulnerabilities

Friday, June 22, 2018 @ 02:06 PM gHale

Cisco released security updates to address multiple vulnerabilities affecting a series of products.

The holes include 24 critical and high-severity flaws found in its switches, next generation firewalls and security appliances.

RELATED STORIES
Cisco Patches Multiple Vulnerabilities
Cisco Fixes WebEx Vulnerability
Cisco Fixes WebEx Hole
Fixed Hole Exploited in Iran, Russia

Those vulnerabilities are in the Cisco NX-OS Software, which enables network automation and program provisioning and configuration of the devices via APIs, and Cisco FXOS (Firepower eXtensible Operating System).

By exploiting the vulnerabilities, an attacker could gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, execute arbitrary commands, gain access to sensitive information, or cause a denial of service (DoS) condition on an affected device.

They can end up exploited via specially crafted packets and messages.

Twelve of the vulnerabilities affect Cisco FXOS Software and Cisco NX-OS Software and the remaining vulnerabilities affect only Cisco NX-OS Software. None of the vulnerabilities affect Cisco IOS Software or Cisco IOS XE Software.

There are no workarounds for the vulnerabilities, so administrators should implement the offered updates.

There is no indication these vulnerabilities are undergoing exploitation.

Affected products include:
• MDS 9000 Series Multilayer Switches
• Nexus 2000 Series Fabric Extenders
• Nexus 1000V/2000/3000/4000/6000/7000/7700 Series Switches
• Nexus 1100 Series Cloud Services Platforms
• Nexus 3500/3600/5500/5600 Platform Switches
• Nexus 9000 Series Switches in standalone NX-OS mode and in Application Centric Infrastructure (ACI) mode
• Nexus 9500 R-Series Line Cards and Fabric Modules
• Firepower 2100 Series
• Firepower 4100 Series Next-Generation Firewalls
• Firepower 9300 Security Appliance
• MDS 9000 Series Multilayer Switches
• UCS 6100/6200/6300 Series Fabric Interconnects

Some products that have reached end-of-life status could also be affected, but updates for them won’t be provided.

Click here for links to the advisories.



Leave a Reply

You must be logged in to post a comment.