Cisco patches critical vulnerabilities

Cisco released patches for 34 vulnerabilities that include 5 critical, 20 high and 9 medium vulnerabilities. The 5 critical vulnerabilities are in FXOS and NX-OS and NX-API software and could allow an attacker to execute remote arbitrary code that could cause a buffer overflow or in other cases may lead to a DoS attack.

You'll need to wade through Cisco's advisories to work out if the software you're running is vulnerable or already fixed.

All of the critical flaws have a CVSS score of 9.8 out of 10 and four of them affect the FXOS and NX-OS Cisco Fabric Services because FXOS/NX-OS "insufficiently validates header values in Cisco Fabric Services packets," according to the security notice. The last critical flaw affects the NX-API feature of NX-OS.

The critical Smart Install flaw has affected 8.5 million devices till now.

The Cisco patch will fix the issues CVE-2018-0308, CVE-2018-0304, CVE-2018-0314 and CVE-2018-0312.

 ▬ MDS 9000 Series Multilayer Switches
▬ Nexus 2000 Series Fabric Extenders
▬ Nexus 3000 Series Switches
▬ Nexus 3500 Platform Switches
▬ Nexus 5500 Platform Switches
▬ Nexus 5600 Platform Switches
▬ Nexus 6000 Series Switches
▬ Nexus 7000 Series Switches
▬ Nexus 7700 Series Switches
▬ Nexus 9000 Series Switches in a standalone NX-OS mode
▬ Nexus 9500 R-Series Line Cards and Fabric Modules
▬ Firepower 4100 Series Next-Generation Firewalls
▬ Firepower 9300 Security Appliance
▬ UCS 6100 Series Fabric Interconnects
▬ UCS 6200 Series Fabric Interconnects
▬ UCS 6300 Series Fabric Interconnects

The NX-API vulnerability is caused by an incorrect input validation in the authentication module of the NX-API subsystem which can be exploited if an attacker were to send a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled.

The four affecting Cisco Fabric Services are because FXOS/NX-OS "insufficiently validates header values in Cisco Fabric Services packets".