Cisco passes around antidotes to noxious NX-OS code execution bugs

The June collection has some lovely fabric patches

Get your ticket to the Cisco catwalk, sysadmins, and watch Switchzilla strut 24 FXOS and NX-OS software security advisories.

Five advisories in the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection are dressed in a luscious, Critical-rated red, while the remaining 19 merely hit the High.

Four of the critical bugs can affect the same list of products: the Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, and UCS 6300 Series Fabric Interconnects.

Those bugs (CVE-2018-0312, CVE-2018-0314, CVE-2018-0304, and CVE-2018-0308) are similar to each other: they arise from bugs in packet header processing.

Cisco Fabric Services packet headers are the culprits, with a malicious packet able to cause a buffer overflow and therefore a denial-of-service or remote code execution. All have patches available.

The other critical-rated bug is CVE-2018-0301 and affects the Cisco NX-OS Software NX-API.

The advisory explained that the NX-API is designed to make the Nexus command line interface available over HTTP and HTTPS.

NX-API is disabled by default, but if it's enabled, a crafted HTTP or HTTPs packet can get through the authentication module to execute arbitrary code as root. This impacts ten Nexus switch variants and MDS 9000 Series Multilayer Switches.

Apart from the FXOS and NS-OX collection, there are Medium-rated bugs in telepresence, unified communications manager, the Cisco Meeting Web server, the Firepower Management Server, Cisco 5000 NCS and UCS E-Series, and the AnyConnect client for Windows.

Finally, Cisco also inherited a third party bug from NVIDIA. The NVIDIA TX1 boot ROM bug, CVE-2018-6242, allowed a local attacker to bypass secure boot to run arbitrary code when recovery mode is active. As well as fixing the bug, the patch blocks users from downgrading their system to re-enable recovery mode. ®

Similar topics

Other stories you might like

Biting the hand that feeds IT © 1998–2021