According to Cisco, the attack is not terribly complicated and allows someone to execute commands as root via the NX-API and an HTTP POST. Being able to compromise switches (where malware detection is non-existent) gives attackers an opening to pivot around a network without exposing their presence on an already compromised system. It is a method of attack that, while not often seen, has been used in attacks before, along with attacks directed at wireless infrastructure.
In addition to the RCE vulnerability disclosed and patched, Cisco also reported two DoS flaws in their CFSoIP (Cisco Fabric Services over IP) and Bidirectional Forwarding Detection functions. One of these flaws is present in the Nexus 3k and 9k series switches and 6400 fabric interconnects. The other appears to be present only in the 9k series, making the 9k a very risky device to leave unpatched.
Cisco recommends patching as soon as possible to remove the risks associated with these bugs in NX-OS (as always). Organizations using these in their data centers should look to run these updates as soon as they can. Hopefully they are already set in an Active/Standby configuration (with dual supervisors where appropriate) so the patches can be deployed on the fly and not wait for a scheduled outage window.
Keeping your infrastructure devices up to date is just as important as patching everything else. They should not be second priority to servers or any endpoints. Of course, make sure you choose your network device management software carefully, as we are seeing these platforms release an unusually high number of critical bugs that also allow compromise by attackers. So, basically, make sure you patch everything.
Happy patching