Cisco details security vulnerability warnings with Firepower firewall (FXOS), Unified Computing System software and Nexus (NX-OS) switch operating system. Credit: Arkadiusz Wargua / Getty Images Cisco has issued another batch of security warnings that include problems in its Firepower firewall (FXOS), Unified Computing System (UCS) software and Nexus switch operating system (NX-OS) . The firewall and UCS vulnerabilities all have a severity level of “high” on the Common Vulnerability Scoring System and include: A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could let an authenticated, local attacker execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges, Cisco stated. A second vulnerability in the local management of the same CLI interface in Cisco FXOS Software and Cisco UCS Manager Software could allow similar problems. A weakness in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could let an unauthenticated, adjacent attacker exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. (Cisco Discovery Protocol is a Layer 2 protocol.) To exploit this vulnerability, an attacker must be Layer 2 adjacent – in the same broadcast domain – as the affected device A successful exploit could lead to a buffer overflow that could then allow attackers to execute arbitrary code as root or cause a DoS condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers, Cisco stated. Cisco also noted that this problem is different from the ones it detailed earlier this month here: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. These vulnerabilities were found by Cisco during internal security testing and the company has released software updates that address the issues. Other security problems with a high rating include one in the resource-handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches that could let an attacker set off a DoS attack. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device. The vulnerability is due to improper resource usage control, Cisco stated. Cisco has addressed the vulnerability and more information can be found here. Another vulnerably with a high rating was found in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere. This weakness could let an attacker perform a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a DoS situation. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device, Cisco stated. Cisco has released software updates that address this vulnerability. Cisco issued a number of other NS-OX vulnerability warnings that garnered “medium” level notices including issues with Border Gateway Protocol, Address Resolution Protocol and the NX-API system. Related content analysis Beware the gap between security readiness and confidence levels, Cisco warns Companies need greater network segmentation, sandboxes, firewalls, and anomaly detection to fight attackers, according to Cisco's 2024 Cybersecurity Readiness Index. By Michael Cooney Mar 27, 2024 6 mins SASE Network Security Networking analysis Cisco: AI tools, better workspaces would boost in-office appeal Office environments need to change to foster collaboration, and employers need to close the AI skills gap, Cisco reports in its hybrid work study. By Michael Cooney Mar 27, 2024 3 mins Generative AI Careers Networking news HPE Aruba adds genAI search tools to network management platform HPE Aruba is using proprietary LLMs to better understand questions posed in its Networking Central platform and generate more accurate, detailed responses. By Michael Cooney Mar 26, 2024 2 mins Generative AI Data Center Management Network Management Software brandpost Sponsored by HPE Aruba Networking EdgeConnect SD-WAN with SWG: building a SASE foundation By Gabriel Gomane Mar 25, 2024 7 mins SD-WAN PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe