Security News > 2020 > January > 3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches

Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches.

The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said.

The networking giant disclosed the critical flaws on Thursday; all three impact the Cisco Data Center Network Manager, a platform for managing its data centers running Cisco's NX-OS. NX-OS is the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

The third bug is described by Cisco as "Data center network manager authentication bypass vulnerability." This flaw exists in the web-based management interface of the DCNM, allowing an unauthenticated, remote attacker to bypass authentication on an affected device.

In addition to the three critical bugs, Cisco patched nine additional flaws of lesser severity, also tied to its DCNM component.

News URL

https://threatpost.com/cisco-patches-3-critical-bugs-nx-os/151529/