Cisco patches: US-CERT warns attackers could take control of affected devices

Cisco has released a second round of October patches, this time addressing 15 separate flaws in its networking software. 

The updates bring fixes for seven high severity flaws and eight medium severity security issues. 

Three of the high severity issues affect its wireless LAN controller (WLC) software, including a privilege escalation vulnerability and a flaw that a remote, unauthenticated attacker could use to extract memory contents from a vulnerable device and steal secrets.

The third bug affecting WLC could allow an attacker to force the WLC software to disconnect associated access points, causing a denial of service.

Fortunately, Cisco found all the bugs during internal testing and isn’t aware of any exploits in the wild for them. 

However, US-CERT has issued an alert about the patches, noting that “an attacker could exploit one of these vulnerabilities to take control of an affected system.”

There are also patches for high severity issues affecting the Cisco NX-OS software, which runs on the company's Nexus-brand business switches. 

Cisco’s Nexus 3000 Series Switches, Nexus 3600 Platform Switches, Nexus 9000 Series Switches in standalone NX-OS mode, and Nexus 9500 R-Series Line Cards and Fabric Modules are vulnerable if they are running any of the vulnerable releases detailed in its advisory.

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches is also vulnerable to a remote denial of service attack if the switches are running a vulnerable release.

“The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. A successful exploit could allow the attacker to cause a DoS condition, impacting the traffic passing through the device,” Cisco notes.

Several Firepower appliances and Nexus switches are among the devices affected by another denial of service vulnerability in Cisco’s implementation of the Link Layer Discovery Protocol (LLDP) in its FXOS and NX-OS Software. 

“An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly,” Cisco reports.

Admins will need to check each of Cisco’s advisories to see whether their organization is running devices with vulnerable or fixed software releases, since some of the fixed releases have been available for many weeks prior to today’s disclosure.

The last high severity issue disclosed today is a denial of service flaw that affects the 802.11r Fast Transition feature set in Cisco’s Access Points (AP) Software.

“An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP,” Cisco says.
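Both advisory quotes above, the PTP frame flood against NX-OS switches and the repeated 802.11r reassociation events against an access point, describe the same shape of denial of service: a burst of one event type from one source in a short period. A defender can watch for that burst rate in switch, controller or AP logs before the device itself degrades. The following Python is an added example, not code from the article or from Cisco: a sliding-window rate detector run over constructed sample records. The device names, addresses, thresholds and window lengths are assumptions chosen for illustration, not values from the Cisco advisories.

```python
from collections import defaultdict, deque

# Per-event-kind policy: (window length in seconds, max events per window before alerting).
# These thresholds are illustrative assumptions, not numbers from the Cisco advisories.
POLICY = {
    "ptp_frame": (1.0, 10),   # PTP frames from one source to one switch
    "reassoc": (5.0, 5),      # 802.11r reassociation events from one client to one AP
}

# Constructed sample records: (timestamp_seconds, device, source, kind).
SAMPLE_EVENTS = (
    # Legitimate PTP: one frame per second from the grandmaster clock.
    [(t, "nexus-5548-a", "192.0.2.10", "ptp_frame") for t in range(0, 30)]
    # Flood: 40 PTP frames inside one second from a single source.
    + [(10.0 + i * 0.02, "nexus-5548-a", "198.51.100.7", "ptp_frame") for i in range(40)]
    # One ordinary client roam.
    + [(3.0, "ap-lobby-1", "aa:bb:cc:00:00:01", "reassoc")]
    # Eight reassociation events from one client within two seconds.
    + [(12.0 + i * 0.25, "ap-lobby-1", "aa:bb:cc:00:00:02", "reassoc") for i in range(8)]
)


def detect_floods(events, policy=POLICY):
    """Sliding-window rate check over (timestamp, device, source, kind) records.

    Events are processed in timestamp order. For each (device, source, kind)
    key the timestamps inside the current window are kept in a deque; when the
    count exceeds the policy limit, one alert is raised for that burst and the
    key is suppressed until a full window has passed, so a long flood does not
    produce one alert per packet.
    """
    history = defaultdict(deque)   # key -> timestamps still inside the window
    alerted = {}                   # key -> timestamp of the last alert
    alerts = []
    for ts, device, source, kind in sorted(events):
        if kind not in policy:
            continue
        window, limit = policy[kind]
        key = (device, source, kind)
        q = history[key]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > limit:
            last = alerted.get(key)
            if last is None or ts - last > window:
                alerted[key] = ts
                alerts.append({
                    "device": device,
                    "source": source,
                    "kind": kind,
                    "count": len(q),
                    "window_start": q[0],
                    "at": ts,
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_EVENTS):
        print("{kind} burst on {device} from {source}: {count} events "
              "in window starting at t={window_start}".format(**alert))
```

On the constructed records the detector reports exactly two bursts: the PTP source that crossed ten frames in a second and the client that crossed five reassociations in five seconds. The steady one-per-second PTP stream and the single roam never trip it. In practice the window and limit per kind should be tuned from a baseline of the site's normal PTP and roaming rates, and an alert is a cue to rate-limit or filter the source, not proof of malice on its own.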

Details about the eight medium severity issues disclosed on October 17 can be found on Cisco’s security advisories and alerts page. 
