DecryptedTech

Thursday, 11 August 2022

Vulnerabilities Disclosed in Cisco NX-OS that Could Allow Arbitrary Code Execution


Cisco has announced a series of vulnerabilities, along with the associated patches, for some of the Nexus Series switches based on NX-OS. Cisco’s NX-OS is the heart of their data center line of switches like the Nexus 3k, 5500 and 5600, as well as the 6k and 9k series. These switches are often deployed inside large data centers or used as core switches for data and storage networks. Because of this large and critical deployment footprint, the new flaw (tracked as CVE-2022-20650) is a rather dangerous one.

According to Cisco the attack is not terribly complicated and allows someone to execute commands, as root, via the NX-API and an HTTP POST. Being able to compromise switches (where malware detection is non-existent) is an opening for attackers to pivot around a network without exposing their presence on an already compromised system. It is a method of attack that, while not often seen, has been used in attacks before, along with attacks directed at wireless infrastructure.

In addition to the RCE vulnerability disclosed and patched, Cisco also reported two DoS flaws in their CFSoIP (Cisco Fabric Services over IP) and Bidirectional Forwarding Detection functions. One of these flaws is present in the Nexus 3k and 9k series switches and 6400 fabric interconnects. The other appears to only be present in the 9k series, making the 9k a very risky device to leave unpatched.

Cisco recommends (as always) patching as soon as possible to remove the risks associated with these bugs in NX-OS. Organizations using these in their data centers should look to run these updates as soon as they can. Hopefully they are already set up in an Active/Standby configuration (with dual supervisors where appropriate) so the patches can be deployed on the fly rather than waiting for a scheduled outage window.

Ensuring that you keep your infrastructure devices up to date is just as important as patching everything else. They should not be second priority to servers or any endpoints. Of course, make sure you choose your network device management software carefully, as we are seeing these platforms release an unusually high number of critical bugs that also allow compromise by attackers. So, basically, make sure you patch everything.

Happy patching
