Security News > 2020 > February > Cisco Patches Flaws in FXOS, UCS Manager and NX-OS Software
Cisco on Wednesday released patches for 11 vulnerabilities in its products, including multiple flaws that impact Cisco UCS Manager, FXOS, and NX-OS software.
Because the Discovery Protocol is enabled by default globally and on all interfaces in FXOS and NX-OS, the flaw impacts numerous products, including Nexus, Firepower, UCS and MDS. Cisco has pointed out that this vulnerability is different from the one disclosed earlier this month, which researchers said affected tens of millions of Cisco devices deployed in enterprise environments.
Next in line is a high risk flaw in UCS Manager software that could be exploited by an authenticated, local attacker to execute arbitrary commands on the underlying operating system.
Two high risk CLI command injection vulnerabilities were addressed in FXOS and UCS Manager software, both of which could be exploited by an authenticated, local attacker to execute arbitrary commands.
Cisco also addressed three medium severity bugs in NX-OS software that could be exploited by an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection, cause a device to learn invalid Address Resolution Protocol entries, or restart the NX-API process.