Sign In

Communications of the ACM

ACM TechNews

Flaws Discovered in Cisco's Network Operating System for Switches

View as: Print Mobile App Share:
The Cisco logo.

Cisco said that it's not aware of "any public announcements or malicious use" of these vulnerabilities, but recommends users move quickly to apply the necessary updates to prevent real-world exploitation.

Credit: Cisco

Technology conglomerate Cisco has issued software patches to correct four security flaws that hackers could exploit to commandeer affected systems.

The most critical patch fixes a command injection flaw in the NX-API feature of Cisco NX-OS software, stemming from insufficient input validation of user-supplied data.

Cisco warned, "A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system."

Other bugs the patches target include two high-severity denial-of-service (DoS) vulnerabilities in NX-OS in the Cisco Fabric Services Over IP and Bidirectional Forwarding Detection traffic functions.

The fourth patch corrects a DoS flaw in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software, which could "allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service condition.

From The Hacker News
View Full Article


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account