Cisco issued a critical security alert for the Nexus data center switch.

A few days ago, Cisco released about 40 security reports, but only one of them was rated as "critical": a vulnerability in Cisco Nexus 9000 series application center infrastructure (ACI) mode data center switch may allow attackers to secretly access system resources.

The universal vulnerability scoring system gave this newly discovered vulnerability a score of 9.8 (full score 10). Cisco said that this is a problem with the key management of Cisco Nexus 9000 Series Secure Shell (ssh). This vulnerability allows a remote attacker to connect to the affected system with root privileges.

Cisco said, "This vulnerability is because all devices have a default ssh key pair. An attacker can use the extracted keying material and create an SSH connection to the target device through IPv6. This vulnerability can only be exploited through IPv6, and IPv4 will not be attacked. "

Devices with Nexus 9000 series and NX-OS software versions before 14. 1 will be affected by this vulnerability. The company said that there is no workaround to solve this problem at present.

However, Cisco released a free software update to solve this vulnerability.

The company also released a "high risk" security warning report for the Nexus 9000 series, which pointed out that there was an attack that allowed an attacker to execute arbitrary operating system commands on the affected devices with root privileges. Cisco said that if the attack is to succeed in this way, the attacker needs valid administrator user credentials of the corresponding device.

Cisco said that the vulnerability was caused by too wide system file permissions. An attacker can verify the affected device, construct a well-designed command string, and write the string into a file in a specific location. Attackers exploit this vulnerability in this way.

Cisco has released a software update that addresses this vulnerability.

Two other vulnerabilities rated as "high risk" also include the Nexus 9000 series:

Cisco also released software updates to address these vulnerabilities.

In addition, some of the security warnings are aimed at a large number of "high-risk" vulnerability warnings in the Cisco Firewall series.

For example, Cisco wrote that multiple vulnerabilities in the SMB protocol preprocessing detection engine of Cisco fire threat defense software may allow unauthenticated neighbors and remote attackers to cause denial-of-service attacks (DoS).

Cisco said that there is another vulnerability in the internal packet processing function of Cisco Firepower Software in Cisco Firepower 2 100 series, which can allow unauthenticated remote attackers to stop the affected devices from processing traffic, resulting in a DOS condition.

Software patches can be used to solve these vulnerabilities.

Other products, such as Cisco Adaptive Security Virtual Appliance and web Security Appliance, also have high priority patches.

via:/article/3392858/Cisco-issues-critical-security-warning-for-nexus-data-center-switches . html

Author: Michael G. Cooney Theme: lujun9972 Translator: hopefully2333 Proofreading: wxy