Security News > 2021 > August > Cisco Issues Critical Fixes for High-End Nexus Gear
Cisco Systems released six security patches tied to its high-end 9000 series networking gear ranging in importance from critical, high and medium severity.
The most serious of the bugs patched by Cisco could allow a remote and unauthenticated adversary to read or write arbitrary files on to an application protocol interface used in Cisco 9000 series switches designed to manage its software-defined networking data center solution.
APIC is the main architectural component of the Cisco Application Centric Infrastructure, which runs on Cisco Nexus 9000 Series node.
Affected products are Cisco APIC and Cisco Cloud APIC. As with each of the bugs and fixes announced Wednesday, Cisco said mitigations are available for each of the vulnerabilities and it is not aware of any publicly known exploits for those bugs patched.
"A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service condition," wrote Cisco.
On Wednesday, Cisco released a second critical advisory for its gear tied to a QNX operating system bug, reported on August 17 by BlackBerry.
News URL
https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/
Related news
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)