Good news, Cisco admins: there are no bugs rated “critical” in this week's batch of security patches – but there are seven that copped a “high” rating, and four of those are remotely exploitable.
Two of the remotely-exploitable bugs are in the company's NX-OS operating system, as used in its Nexus and MDS switches.
For those inclined to nostalgia, there's an SNMP input processing bug, CVE-2018-0456. An attacker could hose Nexus 3000 Series switches, 3600 Platform switches, 9000 Series switches in standalone NX-OS mode, and 9500 R-Series line cards and fabric modules, by sending them a maliciously crafted SNMP packet.
Nexus 5500, 5600, and 6000 switches have a PTP (Precision Time Protocol) implementation that was unprotected against PTP frame flood attacks, in CVE-2018-0378, and again, that offered a path for remote denial-of-service (DoS).
Wrapping up the NX-OS crop, there is CVE-2018-0395, a Link Layer Discovery Protocol bug that could also lead to DoS, but only if the attack is launched from an adjacent device.
If you use Cisco's Wireless LAN Controller software, there were three bugs to address, two of them remotely exploitable.
First, there is CVE-2018-0442, an information disclosure vulnerability. The access point provisioning/control component of the software lacked checks on its keepalive requests, so an attacker could send a maliciously crafted request asking the device to reply with the contents of memory.
CVE-2018-0443 is (another) remote DoS bug, also in access point provisioning/control: discovery request packets weren't sufficiently validated, and malicious packets could crash the target.
CVE-2018-0417 is a privilege escalation bug in TACACS authentication with the management GUI, exploitable locally. A miscreant could leverage this bug to perform operations via the user interface not possible from the command line.
In CVE-2018-0441, timer mechanism bugs opened up Cisco IOS Access Points software to DoS, if a local attacker sent “malicious reassociation events multiple times to the same AP in a short period of time.” Of course, since the bug is in access point software, a successful malicious attacker could be a visitor to a facility using the vulnerable system.
There are eight other fixes, all rated “Medium” severity, and listed here. Get patching as soon as possible, where necessary. ®