"Cisco Patches High-Severity Vulnerabilities in Business Switches"

Cisco recently announced patches for two vulnerabilities impacting the NX-OS software that powers its Nexus-series business switches.   The first of these issues is tracked as CVE-2022-2082 and affects the OSPF version 3 (OSPFv3) feature of NX-OS.  CVE-2022-2082 could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition.  Cisco notes that the flaw exists due to incomplete input validation of specific OSPFv3 packets, allowing an attacker to send a malicious OSPFv3 link-state advertisement (LSA) to a vulnerable device in order to trigger the bug.  Cisco stated that a successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.  The tech giant also notes that the OSPFv3 feature is disabled by default and that an attacker can exploit the vulnerability if they can establish a full OSPFv3 neighbor state with an affected device.  The second NX-OS vulnerability that Cisco addressed this week can also be exploited to cause a DoS condition.  Tracked as CVE-2022-20824, the bug resides in the Cisco Discovery Protocol feature and impacts the FXOS software as well.  CVE-2022-20824 is caused by the improper validation of specific values within a Cisco Discovery Protocol message, the flaw can be exploited by sending malicious Discovery Protocol packets to a vulnerable device.  Cisco noted that a successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition.  Because the Discovery Protocol is a Layer 2 protocol, an attacker looking to exploit the flaw has to be Layer 2 adjacent (in the same broadcast domain) to the affected device.  Cisco recommends that customers use the Cisco Software Checker to identify FXOS or NX-OS releases that fix the issues described in the advisories that the tool identifies.  The company says these vulnerabilities are not exploited in attacks and that it is not aware of the public existence of exploit code targeting them.

SecurityWeek reports: "Cisco Patches High-Severity Vulnerabilities in Business Switches"