Cisco Patches High-Severity Vulnerabilities in NX-OS Software
2020-08-27 19:27

Cisco this week released patches for ten high-risk vulnerabilities in NX-OS software, including some that could lead to code execution and privilege escalation.

Tracked as CVE-2020-3517, the first of the flaws resides in the Fabric Services component and could lead to a denial-of-service condition in both FXOS and NX-OS software.

Cisco also addressed CVE-2020-3454, a bug in the Call Home feature of NX-OS that could result in commands being executed as root; CVE-2020-3338, a DoS issue in the Protocol Independent Multicast feature for IPv6 networks; and CVE-2019-1896, a command injection vulnerability in the web-based management interface of Cisco Integrated Management Controller.

NX-OS software updates were released to fix all of these issues.

In addition to these NX-OS-related flaws, Cisco this week patched a medium-severity DoS vulnerability in the local management CLI of Cisco UCS Manager Software.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/XaR0TH4c1iM/cisco-patches-high-severity-vulnerabilities-nx-os-software

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2020-08-27 | CVE-2020-3338 | Improper Handling of Exceptional Conditions vulnerability in Cisco Nx-Os | 7.5
    A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
    network | low complexity | cisco | CWE-755

2020-08-27 | CVE-2020-3454 | OS Command Injection vulnerability in Cisco Nx-Os | 7.2
    A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS).
    network | low complexity | cisco | CWE-78

2020-08-27 | CVE-2020-3517 | NULL Pointer Dereference vulnerability in Cisco Firepower Extensible Operating System and Nx-Os | 8.6
    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device.
    network | low complexity | cisco | CWE-476

2019-08-21 | CVE-2019-1896 | OS Command Injection vulnerability in Cisco products | 7.2
    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges.
    network | low complexity | cisco | CWE-78

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751