Cisco has released several patches to resolve vulnerabilities in their Cisco Nexus Series Switches. These vulnerabilities include critical flaws related to command injection, as well as three Denial of Service bugs in the NX-OS. These vulnerabilities are tracked as CVE-2022-20650, CVE-2022-20623, CVE-2022-20624, and CVE-2022-20625. Barracuda MSP recommends applying these patches to the devices as soon as possible to prevent malicious actors from taking control of affected systems.
Technical Detail & Additional Information
WHAT IS THE THREAT?
Cisco has addressed multiple flaws in several of their Cisco Nexus Series Switches related to command injection and Denial of Service. The command injection vulnerability impacts the NX-API feature of the Cisco NX-OS software, which stems from a lack of sufficient input validation of user-supplied data. Attackers could exploit this vulnerability by sending a fully crafted HTTP POST request to the NX-API of the affected devices. A successful exploit allows attackers to execute arbitrary commands with root privileges on the operating system. The other three vulnerabilities involving Denial of Service bugs impact the Cisco NX-OS and FXOS software features, including Cisco Fabric Services Over IP (CFSoIP), Bidirectional Forwarding Detection (BFD) traffic functions, and Cisco Discovery Protocol service, allowing the attacker to disrupt services to restart, impacting availability.
- CVE-2022-20650 (CVSS score: 8.8) – A command injection vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
- CVE-2022-20623 (CVSS score: 8.6) – A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device.
- CVE-2022-20624 (CVSS score: 8.6) – A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
- CVE-2022-20625 (CVSS score: 4.3) – A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition.
WHY IS IT NOTEWORTHY?
Cisco is widely known for their router and switch devices, which are utilized by businesses, universities, and individuals worldwide. Organizations rely on these products to power their communications and keep sensitive data secure for day-to-day operations. These devices are constantly available to provide productivity across a company’s environment. That’s why they are high-priority targets for threat actors. They seek to capture information and disrupt the environment through any unpatched exploits. Keeping all services updated regularly on business-critical devices is critical to ensure that all security patches are applied upon their release.
WHAT IS THE EXPOSURE OR RISK?
When vulnerabilities are discovered on devices utilized by many organizations, the risk is high. These vulnerabilities could allow attackers to access sensitive information, escalate privileges and execute arbitrary code. This could potentially affect business continuity and data leakage. However, for these specific vulnerabilities, Cisco mentioned that it is not aware of any of these bugs being exploited in the wild. Therefore, it is recommended that users move quickly to apply the necessary update to prevent potential real-world exploitation.
WHAT ARE THE RECOMMENDATIONS?
Barracuda MSP recommends ensuring that all affected Cisco Nexus Series Switches devices are updated immediately to address these vulnerabilities and reduce cyber risk to the organization. Please see references below for each vulnerabilities list of affected devices and promptly address those concerns.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.