
Cisco hugs sysadmins with a bunch more patches

Nexus switch owners, pay attention

Cisco's ongoing fix-all-the-things effort has emitted its regular weekly round of patches – and some, like in the NX-OS operating system that powers a bunch of its switches, deserve your attention.

There are critical fixes for the NX-OS that powers Nexus switches, and a virtualisation bug in the Nexus 7000 and 7700 switches.

NX-OS can be pwned over SSH if an authorised user passes a malicious value in the login. That gives the attacker the chance to escalate their privilege at the command line.

Any Nexus 1000V to 9000 switch running NX-OS with AAA (authentication, authorisation and accounting) configured, as well as Cisco's Multilayer Director switches, is affected and needs a patch.

The critical-rated Nexus 7000/7700 bug is in the Overlay Transport Virtualisation (OTV) in its generic routing encapsulation (GRE) implementation.

An adjacent attacker – making this a danger in multi-tenant networks – can send malicious OTV packets, force a buffer overflow, and gain “full control of the system”.

Cisco's advisory says sysadmins should check their IS-IS core files for indications of compromise, and if there's cause for concern, the Cisco Technical Assistance Center (TAC) will check the IS-IS to see if you've been attacked.

There are three NX-OS issues rated “high” on the list as well:

There are less-serious bugs splatted in its Unified Intelligence Center software, Firepower, IOS XR, Nexus 9000 switches, and ASA software here. ®
