Poison ping pong prompts patch from Cisco
Switchzilla has fixes for appliances, voice portal, Nexus switch OS
Cisco admins, it's your weekly patch notice.
The patch that gave us our headline is in NX-OS software, which is vulnerable to malicious pong (response to ping) packets.
If the pong packet tries to egress both a FabricPath port and a non-FabricPath port, the software tries to free the same area of memory twice. “An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload,” Cisco's advised.
Exploitation would need a relatively unlikely scenario, however, since Pong is disabled by default, as is FabricPath, and the FabricPath port has to be under monitoring by a SPAN (switched port analyser) session.
Users of the Adaptive Security Appliance or the Content Security Management Appliance need to run in a fix to plug a privilege escalation bug in the Web management console.
An authenticated local attacker can push themselves from guest up to root, by firing a set of malicious commands at the command line interface.
The software in question is the AsyncOS Software for ESA and Content SMA, for both virtual and hardware appliances.
Cisco's Unified Customer Voice Portal (CVP) and its NX-OS Nexus switch operating system software both have upgrades to plug denial-of-service vulnerabilities.
CVP's issue concerns its method of handling SIP traffic: a targeted appliance can be crashed by malformed SIP INVITE traffic. The issue affects Cisco Unified CVP running software releases prior to 11.6(1). ®