Party like it's 1999: Packets of death, code exec menace Cisco gear

Annoying flaws found, patched in Fabric Services, NX-OS, StarOS, VOIP kit


Cisco has advised net admins using switches that run its Fabric Services on FXOS, or NX-OS software, to update their boxes following the discovery of a critical security flaw.

Switchzilla said CVE-2018-0304 can be exploited by an attacker to shut down the network boxes or remotely execute malicious code on them simply by sending a malformed packet.

"The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device," Cisco techies warned today.

"A successful exploit could allow the attacker to cause a buffer overflow or buffer overread condition in the Cisco Fabric Services component, which could allow the attacker to read sensitive memory content, create a DoS condition, or execute arbitrary code as root."

Vulnerable devices include the Firepower firewall series and some Nexus and MDS network switches as well as three UCS interconnect models. Admins will want to get the patch from Cisco's June 2018 FXOS and NX-OS security update release (which patches 24 other flaws that have already been disclosed).

Switchzilla warned of CVE-2018-0304 last month – now it's added details on firmware fixes for Nexus 2000, 5500, 5600, 6000, 7000, and 7700 series switches, as well as its FXOS and MDS platforms. So if you're using those devices, see the above linked advisory.

Shooting StarOS

Cisco has also this week pushed out fixes for a pair of high-severity vulnerabilities in its StarOS router firmware, and the software for its IP Phone line.

The StarOS flaw, designated CVE-2018-0369, would allow an attacker to take down the targeted appliance with a simple IPv4 packet. Not a good thing to have present in your network router.

"The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device," Cisco staff explained.

"An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting."
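For defenders who want to see how much of the traffic class named in that advisory crosses their network, the following is an added example, not code from Cisco or from the original article. It labels raw IPv4 packets, flagging fragments that carry options, and checks every length field against the bytes actually present. The function names and sample packets are constructed for illustration.

```python
import struct

RECORD_ROUTE = bytes([7, 7, 4, 0, 0, 0, 0, 0])  # constructed: RR option + EOL pad

def options_well_formed(opts: bytes) -> bool:
    """Walk the IPv4 options area, checking every length byte against the buffer."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            return True
        if kind == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):             # option type with no length byte
            return False
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return False
        i += length
    return True

def classify_ipv4(pkt: bytes) -> str:
    """Label a raw IPv4 packet; header checksum is not verified here."""
    if len(pkt) < 20:                      # shorter than a minimal header
        return "malformed"
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", pkt[:8])
    if ver_ihl >> 4 != 4:
        return "not-ipv4"
    header_len = (ver_ihl & 0x0F) * 4      # IHL counts 32-bit words
    # Length fields are attacker-controlled: compare each with the bytes present.
    if not 20 <= header_len <= len(pkt) or not header_len <= total_len <= len(pkt):
        return "malformed"
    if not options_well_formed(pkt[20:header_len]):
        return "malformed"
    fragmented = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0  # MF or offset
    has_options = header_len > 20
    if fragmented and has_options:
        return "fragment-with-options"
    return "fragment" if fragmented else "options" if has_options else "plain"

def sample(flags_frag: int, options: bytes = b"", payload: bytes = b"\x00" * 8) -> bytes:
    """Build a constructed packet (documentation addresses, zero checksum)."""
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                         1, flags_frag, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + options + payload

if __name__ == "__main__":
    for ff, opts in [(0, b""), (0, RECORD_ROUTE), (0x2000, b""), (0x2000, RECORD_ROUTE)]:
        print(hex(ff), bool(opts), classify_ipv4(sample(ff, opts)))
```

Fragmented packets with options are legal under RFC 791, so a "fragment-with-options" label is a reason to look at the source, not proof of an attack.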

Meanwhile, the IP Phone 6800, 7800, and 8800 lines were found to be vulnerable to CVE-2018-0341, a command injection vulnerability that would allow the attacker to control the web interface of the VoIP phones via shell commands, if they use Cisco's multiplatform firmware.

Admins are being advised to install updates for all three flaws as soon as possible. ®


Biting the hand that feeds IT © 1998–2019