Security News > 2020 > January > 3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches.
The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said.
The networking giant disclosed the critical flaws on Thursday; all three impact the Cisco Data Center Network Manager, a platform for managing its data centers running Cisco's NX-OS. NX-OS is the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.
The third bug is described by Cisco as "Data center network manager authentication bypass vulnerability." This flaw exists in the web-based management interface of the DCNM, allowing an unauthenticated, remote attacker to bypass authentication on an affected device.
In addition to the three critical bugs, Cisco patched nine additional flaws of lesser severity, also tied to its DCNM component.
News URL
https://threatpost.com/cisco-patches-3-critical-bugs-nx-os/151529/
Related news
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)