Security Alert (A16-10-01): Multiple Vulnerabilities in Cisco Products


 

Published on: 01 October 2016

     
Email to

Description:

Cisco has released five security advisories fixing a number of vulnerabilities in Cisco NX-OS Software. A remote attacker could exploit the vulnerabilities by sending maliciously crafted BGP update message, DHCPv4 or OTV UDP packet to the affected device.

 

Affected Systems:

  • Multilayer Director Switches
  • Nexus 1000V Series Switches
  • Nexus 2000 Series Fabric Extenders
  • Nexus 3000 Series Switches
  • Nexus 3500 Platform Switches
  • Nexus 4000 Series Switches
  • Nexus 5000 Series Switches
  • Nexus 5500 Platform Switches
  • Nexus 5600 Platform Switches
  • Nexus 6000 Series Switches
  • Nexus 7000 Series Switches
  • Nexus 7700 Series Switches
  • Nexus 9000 Series Switches (in ACI mode or NX-OS mode) 

The complete list of vulnerable systems can be found in the "Affected Products" section of individual Cisco Security Advisory available at:

1. Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa

2. Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv

3. Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp

4. Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1

5. Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp2

 

Impact:

Depending on the vulnerability exploited, a successful attack could cause arbitrary code execution, security restrictions bypass, denial-of-service condition, or reload of a vulnerable device.

 

Recommendation:

Patches for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.

Users should contact their product support vendors for the fixes and assistance.

 

More Information:

This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp2
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa
This link will open in a new windowhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
This link will open in a new windowhttps://www.us-cert.gov/ncas/current-activity/2016/10/05/Cisco-Releases-Security-Updates
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0721
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1453
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1454
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6392
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6393 



Tag: Cisco , Cisco NX-OS
Tags