Multiple Flaws With Cisco Network System Software

This week Cisco has declared software updates on their official site to address four security vulnerabilities, that will be weaponized by the threat actors to take full control over the affected system.

While Cisco has claimed that the CVE-2022-20650 is the most severe with a CVSS score is 8.8 among all the security holes that are addressed.

This security flaw is related to the command injection flaw in the NX-API feature of Cisco NX-OS, and the main reason behind this flaw is the lack of sufficient input validation of user-supplied data.

Flaws Discovered

Apart from this, the second among the four is the flaw that directly puts an impact on:- 

  • Nexus 3000 series switches
  • Nexus 5600 platform switches
  • Nexus 5500 Platform switches

These devices are primarily affected by the CVE-2022-20624 and CVE-2022-20623. However, these kinds of flaws generally allow the threat actor to implement arbitrary commands along with root privileges on the existing operating system.

The last flaw is CVE-2022-20625, which has a CVSS score of 4.3, it is the third Dos vulnerability and this flaw can allow an unauthenticated threat actor to create the service to restart, and that gives results in a denial of service condition.

While here we have listed below the flaws discovered:-

  • CVE-2022-20650 with CVSS score 8.8 (It’s a Cisco NX-OS Software NX-API Command Injection Vulnerability).
  • CVE-2022-20624 with CVSS score 8.6 (It’s a Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability).
  • CVE-2022-20623 with CVSS score 8.6 (It’s a Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability).
  • CVE-2022-20625 with CVSS score 4.3 (It’s a Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability).

Affected Products

Here below we have mentioned all the products that are affected:-

  • Nexus 3000 Series Switches
  • Nexus 5500 Platform Switches
  • Nexus 5600 Platform Switches
  • Nexus 6000 Series Switches
  • Nexus 9000 Series Switches in standalone NX-OS mode
  • UCS 6400 Series Fabric Interconnects
  • Cisco Nexus 9500 Series Switches
  • Cisco Nexus 9200 Series Switches
  • Firepower 4100 Series 
  • Firepower 9300 Security Appliances 
  • MDS 9000 Series Multilayer Switches 
  • Nexus 1000 Virtual Edge for VMware vSphere 
  • Nexus 1000V Switch for Microsoft Hyper-V 
  • Nexus 1000V Switch for VMware vSphere 
  • Nexus 7000 Series Switches
  • Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
  • UCS 6200 Series Fabric Interconnects
  • UCS 6300 Series Fabric Interconnects

Moreover, Cisco has also released an additional patch for the CVE-2021-1586 which is detected in the Multi-Site network configurations for Nexus 9000 series switches in ACI mode.

The CVE-2021-1586 is a DoS vulnerability that is initially addressed in August 2021, and due to the improper sanitization of TCP traffic sent to a specific port this security flaw exists.

While as a recommendation the security analysts at Cisco have urged all its customers to immediately apply all the latest fixes released by Cisco for all the affected devices.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.