Security News > 2020 > January > 3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches.
The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said.
The networking giant disclosed the critical flaws on Thursday; all three impact the Cisco Data Center Network Manager, a platform for managing its data centers running Cisco's NX-OS. NX-OS is the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.
The third bug is described by Cisco as "Data center network manager authentication bypass vulnerability." This flaw exists in the web-based management interface of the DCNM, allowing an unauthenticated, remote attacker to bypass authentication on an affected device.
In addition to the three critical bugs, Cisco patched nine additional flaws of lesser severity, also tied to its DCNM component.
News URL
https://threatpost.com/cisco-patches-3-critical-bugs-nx-os/151529/
Related news
- Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Critical Flaws in Traccar GPS System Expose Users to Remote Attacks (source)
- Ransomware attacks escalate as critical sectors struggle to keep up (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- Cisco merch shoppers stung in Magecart attack (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)