By CISCO announced fixes for more than thirty security flaws in its products on Wednesday, containing perilous flaws influencing NX-OS Software. A total sum of five unsafe random code implementation flaws were stated with this set of security fixes, influencing the NX-API property of NX-OS Software (CVE-2018-0301) and the Fabric Services element of FXOS Software and NX-OS Software (CVE-2018-0308, CVE-2018-0304, CVE-2018-0314, and CVE-2018-0312).
The flaws can be oppressed by non-validated, distant hackers to reason a buffer excess, implement random code, reason a denial of service situation, or read complex memory content on a pretentious device. The vulnerabilities influence numerous devices, containing Nexus 3000 Series Switches to Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Firepower 4100 and Firepower 9300 products, UCS 6100 to UCS 6300 Series Fabric Interconnects, and MDS 9000 Series Multilayer Switches.
CISCO also stated High risk flaws influencing NX-OS Software and FXOS Software, affecting Nexus 4000 Series Switch, Nexus 3000 and 9000 Series, and Firepower 4100 Series and Firepower 9300 Security Appliance. The problems distressing NX-OS contain command-injections in the CLI and NX-API, denial of service in the Simple Network Management Protocol input packet processor, elevation of privilege in role-based access control, remote code execution and DoS in the Internet Group Management Protocol Snooping feature, DoS in the Border Gateway Protocol implementation, elevation of privilege in NX-API.
Vulnerabilities also disturbing FXOS Software contain illegal administrator account in the write-erase property, DoS situations in the Discovery Protocol subsystem and Cisco Fabric Services element, and random code implementation in the Cisco Discovery Protocol component. Problems distressing merely FXOS Software contain a random code performance flaw in the CLI parser and a denial of service vulnerability in the web UI.
Moreover, CISCO fixed DoS vulnerabilities in the SNMP property of the CISCO Nexus 4000 Series Switch and in the execution of a precise CLI facility and the related SNMP MIB for Cisco Nexus 3000 and 9000 Series Switches. A trail traversal flaw was determined in the procedure of uploading new application images to the CISCO Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance.
CISCO also stated ten Medium risk vulnerabilities in TelePresence Video Communication Server (VCS) Expressway as a portion of the set of security updates, Unified Communications Manager IM & Presence Service (formerly CUPS), NX-OS Software, NVIDIA TX1 BootROM, Meeting Server, Firepower Management Center, 5000 Series Enterprise Network Compute System and Unified Computing (UCS) E-Series Servers, and AnyConnect Secure Mobility Client for Windows Desktop.
Further, software updates were announced for the flaw products. Cisco customers with valid licenses are recommended to upgrade to a suitable issue. Information on the determined flaws and the distressed products and devices are obtainable on the website of CISCO.
